the stream

Links to articles, short comments on various topics - basically the sort of posts I would have put out on Google+ in previous years.

safecast comments on news reports about "spiking" radiation levels in the Fukushima reactor runis

Alexander Bochmann Friday 10 of February, 2017
Yeah, that's press hyperbole... safecast blog: "No, radiation levels at Fukushima Daiichi are not rising." (cache) They also have some of the images taken during that measurement, in an area below the reactor pressure vessel.

safecast wrote:
It must be stressed that radiation in this area has not been measured before, and it was expected to be extremely high. While 530 Sv/hr is the highest measured so far at Fukushima Daiichi, it does not mean that levels there are rising, but that a previously unmeasurable high-radiation area has finally been measured. Similar remote investigations are being planned for Daiichi Units 1 and 3. We should not be surprised if even higher radiation levels are found there, but only actual measurements will tell.

33C3 talk: Linux in my baseband?

Alexander Bochmann Sunday 05 of February, 2017
Ok, I missed this during 33C3: Harald Welte and Holger Freyther dissect a Quectel 3G/LTE modem that's based on the Qualcomm MDM9615 chipset...

The MDM9615 contains an ARM core that runs a bastardized Android kernel (including an adb shell) with busybox and OpenEmbedded userland, with lots of strange stuff that translates between the user-facing interface and the closed Qualcomm baseband core. A user can run programs on the ARM core using AT+QLINUXCMD... All the infrastructure (including firmware updates) is completely unprotected from manipulation...

Full talk on media.ccc.de: Dissecting modern (3G/4G) cellular modems

More info on the Osmocom wiki: http://osmocom.org/projects/quectel-modems/wiki

@morganmpage on Twitter: "gamification of the alt-right"

Alexander Bochmann Saturday 04 of February, 2017
The thread following this post by @morganmpage on Twitter (cache), via Brianna Sheldon on Google+, mirrors some of my own thoughts on certain supporters of the Trump administration. During the recent months, I've thought "damn, this reminds me of ingame politics during my times playing EVE Online" so much when looking at news from the presidential campaign...

Some selected snippets from the above link:

@morganmpage wrote:
Ten years ago I would not have predicted that geek culture would plunge the world into political chaos.
So much of the alt-right grew out of online geek culture (GG is a good example).
A layer the media has not picked up on is the gamification of the alt-right. It is a game played for nihilistic pleasure.
Every woman, POC, queer, trans person intimidated - every social justice space 'infiltrated' - scores points for the nerd nazis.
Geek culture was perfect breeding ground for this. Like geeks intensely nostalgize the media culture of their youths, so too the altright
It became easy to like a nostalgia for media culture to a nostalgia for nationalist culture. Both are reactions to a rapidly changing world.
Reddit and the chans, w/their male-centric and game-ified trolling cultures, gave birth to the bastard child that is the alt-right.
Don't "not ALL gamers!" at me. Of course it is not all individual geeks. But this subculture is what gave birth to the alt-right.
The sneering way the left dismisses the alt-right as uneducated is simply not the case, which I guess is one of the points I'm making here.
The Gaters are really the direct antecedents of the current alt-right. The Gate is how they learned to organize, gameify harassment, etc.
They don't actually care about politics: they're using it as a game and as a tool for lashing out about their feelings of disenfranchisement

("GG" refers to Wikipedia: Gamergate controversy)

Currently, it seems a similar game has started around Martin Schulz, SPD candidate for chancellor in the upcoming general elections here in Germany.

left-handed mouse

Alexander Bochmann Saturday 04 of February, 2017
Some time ago, the Evoluent Vertical Mouse I've been using at work has gone unusable (was a VM3 - it's ok technically, but it's rubber coating is gooey after a couple of years of use, very uncomfortable to touch), and so I thought - why not just use a normal mouse, with the left hand for a change.

Yeah well. That's harder than I thought. Precision is not a problem for normal tasks (I often use the left hand to handle tools), but using the mouse still needs a lot more attention right now. I hadn't realized how hard-wired these things are. With the right hand - even when using the Vertical Mouse, which enforces a slightly different kind of arm movement - just takes no conscious effort. I think I'll try for another week, but right now I'm taking a sharp hit in effectiveness while doing anything that needs the mouse. Even in the small things, like habitually picking up the coffee cup with the left hand, and then noticing I'd need that hand to click on a link right now...

I also noticed that I still use the left mouse button for left clicks (with the left middle finger), instead of the index finger on the right button. With Windows, that's actually an advantage, because the local mouse settings don't map into terminal service sessions, and I'd have to change the mouse settings on every system I connect to otherwise.

Derek Lowe - Thoughts on Corruption

Alexander Bochmann Saturday 04 of February, 2017
Here: http://blogs.sciencemag.org/pipeline/archives/2017/02/03/thoughts-on-corruption

I think that there are, broadly speaking, three levels of corruption, and that they can be ranked in order of severity and destructiveness to the social order. [..]

Level One is when you’re paying someone to do something that they wouldn’t ordinarily do. [..] This sort of thing happens everywhere, and I’m willing to stipulate that it’s human nature. [..]

Level Two corruption, though, is when you’re paying someone to do what they’re supposed to be doing in the first place. [..] Now you’re bribing people just to stay even, not to get something extra. The deadweight loss to the economy and to society should be clear. [..]

And that shades into Level Three, which is the most harmful of them all. This is where you’re paying them not to hurt you. [..] Now you’re not getting favors, and you’re not even just getting what the law or the contract says you should get. You’re actively trying to avoid harm, and thus you exist at the sufferance of whoever has the leverage on you.

Google Project Shield & Krebs on Security

Alexander Bochmann Friday 03 of February, 2017
Ars Technica has an article with some more background on the DDOS attacks targeted at the Krebs on Security blog, and how Google engineers dealt with them after Krebs was accepted into Project Shield.

The attacks used a variety of techniques beyond just packet or http request floods:
Ars Technica wrote:
The attacks were the most powerful in the first two weeks, but as they continued, they incorporated a variety of new techniques. One, dubbed a WordPress pingback attack, abused a feature in the widely used blogging platform that automates the process of two sites linking to each other. It caused a large number of servers to simultaneously fetch KrebsOnSecurity content in an attempt to overwhelm site resources. Google was able to block it, because each querying machine broadcast a user agent that contained the words "WordPress pingback," which Google engineers promptly blocked. Another technique dubbed "cache-busting attacks" was also stopped.

Also, about Google's decision making process:
Ars Technica wrote:
"What happens if this botnet actually takes down google.com and we lose all of our revenue?" Google Security Reliability Engineer Damian Menscher recalls people asking. "But we considered that if the botnet can take us down, we're probably already at risk anyway. There's nothing stopping them from attacking us at any time. So we really had nothing to lose here."

Update: Brian Krebs now has an own post on the topic

TikiWiki as a blog platform...

Alexander Bochmann Thursday 02 of February, 2017
Hrm. Possibly, I should consider using something else. Blog doesn't seem a major focus in for Tiki - I see that after all these years, Trackbacks still don't work. But then maybe it doesn't really matter...

I also notice the page layout look really bad on a widescreen monitor after upgrading to a more recent Tiki release. I didn't really want to have to mess with the themes :(

another Cisco hardware blunder - "Clock Signal Component Issue"

Alexander Bochmann Thursday 02 of February, 2017
Cisco has identified another component that's prone to failing over time (after we had the dying RAM issue maybe two years ago): Although the Cisco products with this component are currently performing normally, we expect product failures to increase over the years, beginning after the unit has been in operation for approximately 18 months. Once the component has failed, the system will stop functioning, will not boot, and is not recoverable.

Details over here: http://www.cisco.com/c/en/us/support/web/clock-signal.html

Of the affected platforms, I assume the ASAs will be the most painful for us, if it turns out we have bad hardware revisions...

still experimenting

Alexander Bochmann Sunday 29 of January, 2017
Note: I'm still experimenting with this. While I've been running this TikiWiki installation in various incarnations for over a decade, I've never bothered to learn how to deal with many of the advanced features. Unfortunately, the Tiki documentation is somewhat of a mess.

Not sure about the Youtube iframes, for example - I think I want to find a way to only show them on the actual post page, not in the blog overview (similar to "below the cut" back in Livejournal), or maybe hide them in something like a bbcode spoiler tag... Never used the Tags feature up to now, either (and I really need to remember to not use a comma as separator).

For now, I'll probably mix german and english language posts, and just tag them accordingly (with english being the default, especially when I'm linking to other english language content).

Youtube: Gemma Ray - The switch

Alexander Bochmann Sunday 29 of January, 2017
Really like her voice in this song recorded by Le Bruit des Graviers...

video: Gemma Ray - The switch

[edit: replaced inline video with a simple link - didn't like the various trackers being loaded by the Youtube embed code when the blog is accessed]

[edit 2: Not sure what happened here - the video is now private, and Sébastien Brodart has removed his article referencing the session from his web site...]

bash option to send command history to a syslog server?

Alexander Bochmann Sunday 29 of January, 2017
Stumbled over an old entry on the SANS ISC blog today that explains how to set up bash for remote logging of it's command history (it's a compile-time switch): SANS: Improving Bash Forensics Capabilities (cache)

Since the version 4.1, Bash supports Syslog natively but in most distribution, it is not enabled. To use this feature, you need to recompile your shell. [..] You just have to define "SYSLOG_HISTORY" in config-top.h

The post also has some more information on the various environment variables that control bash history options.