Hack-The-Planet Podcast: Episode 003

Wir haben wieder etwas aufgenommen. Der Release heute ab 15 Uhr wie gewohnt hier und hier sogar mit Live-Chat.

Diesmal geht es um:

  1. Scanner Pro auf iOS – https://apps.apple.com/us/app/scanner-pro/id333710667 
  2. Scanbot auf iOS – https://scanbot.io/en/index.html 
  3. Abo-Modelle bei Software und Diensten
  4. RING Kamera und Überwachungssystem – https://de-de.ring.com/
  5. Canary Indoor Camera – https://canary.is/
  6. Surveillance Station – https://www.synology.com/en-global/surveillance
  7. Ring has more than 400 police “partnerships” – https://arstechnica.com/tech-policy/2019/08/ring-has-more-than-400-police-partnerships-company-finally-says/
  8. Jumbo Privacy – https://blog.jumboprivacy.com/ – App Store: https://apps.apple.com/us/app/jumbo-privacy/id1454039975?ls=1
  9. Tim Berners-Lee Projekt “Solid”: https://solid.mit.edu/https://en.wikipedia.org/wiki/Solid_(web_decentralization_project)https://solid.inrupt.com/how-it-works 
  10. Ubuntu – https://ubuntu.com/
  11. Throw-Away Remote VNC Linux Desktop in a Docker container – https://www.schrankmonster.de/2019/08/27/a-throw-away-linux-desktop-in-a-container/ 
  12. Virtual Network Computing – https://en.wikipedia.org/wiki/Virtual_Network_Computing
  13. Stephen Wolfram – https://blog.stephenwolfram.com/
  14. Speed of Light in Medium – https://en.wikipedia.org/wiki/Speed_of_light

paint it (very) black

You might, or might not be aware of my passion for black clothing. I like the simplicity and absence of noise.

Anyway. You might not be aware of the wonderful world of black as-in paint.

Apparently the current record holder in blackness (measured in percent absorption of visible light) is a product called “Vanta Black”.

Wikipedia: Wrinkled aluminium foil with a portion—equally wrinkled—coated in Vantablack

Vantablack is a material developed by Surrey NanoSystems in the United Kingdom and is one of the darkest substances known, absorbing up to 99.96% of visible light (at 663 nm if the light is perpendicular to the material).
The name is a compound of the acronym VANTA (vertically aligned carbon nanotube arrays) and the color black.

Wikipedia: Vantablack

Unfortunately this blackest-of-black coating is not readily available for purchase. Export rules apply and so it’s usually not sold to civilians at all.

“What is the next best thing?”, you ask. Well it’s BLACK 2.0.

Functional Threshold Power

I am cycling for fun and for the effect it has on my body and well-being. I do about 30km of cycling every day on average.

After my first stationary trainer broke I bought a new one with the capability to measure wattage and also to apply resistance measured by the watt.

After looking at my average speeds, heart-rates and times on the device I was able to build a quite detailed understanding of the broader picture. What effects my power output and what does not. The effects of nutrition and health to what the body will deliver while being asked the exact same power output curve than the last time.

In a nutshell the numbers tell me that I am usually at a mediocre wattage of 150W constant load doing about 40 km/h average. My reserves usually allow me to go for 1-2 hours without a break doing this.

So far so good. Now I’ve found out from more serious cyclers that there’s something like “Functional Threshold Power“. I do regular have tests at the doctors to check for any heart-rate issues.

Reading about this Functional Threshold Power my curiousity is sparked.

How much could I do? Should I even go for measuring it?

a throw-away remote VNC linux desktop in a docker container

I am running most of my in-house infrastructure based on Docker these days…

Docker is a set of platform-as-a-service (PaaS) products that use operating-system-level virtualization to deliver software in packages called containers. Containers are isolated from one another and bundle their own software, libraries and configuration files; they can communicate with each other through well-defined channels.

All containers are run by a single operating-system kernel and are thus more lightweight than virtual machines.

Wikipedia: Docker

And given the above definition it’s fairly easy to create and run containers of things like command-line tools and background servers/services. But due to the nature of Docker being “terminal only” by default it’s quite hard to do anything UI related.

But there is a way. By using the VNC protocol to get access to the graphical user interface we can set-up a container running a fully-fledge Linux Desktop and we can connect directly to this container.

I am using something I call “throw-away linux desktop containers” all day every day for various needs and uses. Everytime I start such a container this container is brand-new and ready to be used.

Actually when I start it the process looks like this:

As you can see when the container starts-up it asks for a password to be set. This is the password needed to be entered when the VNC client connects to the container.

And when you are connected, this is what you get:

this is what you see after connecting to the desktop container by VNC

I am sharing my scripts and Dockerfile with you so you can use it yourself. If you put a bit more time into it you can even customize it to your specific needs. At this point it’s based on Ubuntu 18.04 and starts-up a ubuntu-mate desktop environment in it’s default configuration.

When you log into the container it will log you in as root – but effectively you won’t be able to really screw around with the host machine as the container is still isolating you from the host. Nevertheless be aware that the container has some quirks and is run in extended privileges mode.

Chromium will be pre-installed as a browser but you will find that it won’t start up. That’s because Chromium won’t start up if you attempt a start as root user.

The workaround:

“–no-sandbox” parameter for Chromium

Now get the scripts and container here and build it yourself!

Password Managers…

I am using 1Password for years now. It’s a great tool. So far.

As I am using it locally synced across my own infrastructure I feel like I am getting slowly but surely pushed out of their target-customer group. What does that mean?

The current pricing scheme, if you buy new, for 1Password looks like this:

So it’s always going to be a subscription if you want to start with it and if you want it in a straight line.

It used to be a one-time purchase per platform and you could set-up syncing across other cloud services as you saw fit. If you really start from scratch the 1Password apps still give you the option to create and sync locally but the direction is set and clear: they want you to sign up to a subscription.

I am not going to purchase a subscription. With some searching I found a software which is extremely similar to 1Password and fully featured. And is available as 1-time purchase per platform for all platforms I am using.

Also. This one is the first that could import my 1Password export files straight away without any issues. Even One-Time-Passwords (OTP) worked immediately.

The name is Enpass and it’s available for Mac, Windows, Linux, iOS, Android and basically acts as a step in replacement for 1Password. It directly imports what 1Password is exporting. And its pricing is:

much more reasonable and without subscriptions.

Subscriptions for services as this are a no-go for me. It’s a commodity service which I am willing to pay for trailing updates and maintenance every year or so in a major update.

I am not willing to pay a substantial amount of money per user per month to just keep having access to my Passwords. And having them synced onto some companies infrastructure does not make this deal sweeter.

Enpass on the other hand comes with peace-of-mind that no data leaves your infrastructure and that you can get the data in and out any time.

It can import from these:

As mentioned I’ve migrated from 1Password in the mere of minutes and was able to plug-in-replace it immediately.

host GIT repositories painlessly

As people around me discuss what to go for in regards to manage their growing number of private GIT repositories I joined their discussion.

A couple of years ago I assessed how I would want to store my collection of almost 100 GIT private repositories and all those cloned mirrors I want to keep for archival and sentimental reasons.

An option was to pay for GitHub. Another option, which most seemed to prefer, was going for a local Gitlab set-up.

All seemed not desirable. Like chaining my workflows to GitHub as a provider or adopting a new hobby to operate and maintain a private GitLab server. And as it might have become easier to operate a GitLab server with the introduction of container management systems. But I’ve always seemed to have to update to a new version when I actually wanted to use it.

So this was when I had to make the call for my own set-up about 4 years ago. We were using a rather well working GitLab set-up for work back then. But it all seemed overkill to me also back then.

So I found: gogs.io

It runs with one command, the only dependency is two file system directories with (a) the settings of gogs and (b) your repositories.

It’ll deploy as literally a SINGLE BINARY without any other things to consider. With the provided dockerfile you are up and running in seconds.

It has never let me down. It’s running and providing it’s service. And that’s the end of it.

I am using it, as said, for 95 private repositories and a lot of additionally mirrored GIT repositories. Gogs will support you by keeping those mirrors in sync for you in the background. It’s even multi-user multi-organization.

Train Melody / 武蔵小杉駅

In hearing distance of the place I am usually staying when in Tokyo is a train station. So if the wind is right and the window is open I hear all these train station chimes and sounds.

If you don’t know what it is, let Wikipedia educate you:

train melody is a succession of musically expressive tones played when a train is arriving at or about to depart from a train station. As part of train passenger operations, a train melody includes a parade of single notes organized to follow each other rhythmically to form a lilting, singular musical thought.

In Japan, departing train melodies are arranged to invoke a relief feeling in a train passenger after sitting down and moving with the departing train. In contrast, arriving train melodies are configured to cause alertness, such as to help travelers shake off sleepiness experienced by morning commuters.

発車メロディ

With this post I also want to have you hear what I mean. These sounds are having interesting pavlovian effects anyways.

before the train exits the station
played beforehand any announcement
doors are closing

Find more here and here and here.

Hack-The-Planet Podcast: Episode 0

A friend of mine started something and I have the honor to be part of it. The world now has one additional podcast to listen to. It’s in german though. For now at least.

We are still working on the website, the feed and the audio mixing and recording quality. So bear with us.

And now: Episode 0 is upon us!

Discover Zaraday!

Prickle-Prickle 5 Bureaucracy: The Apostle Zarathud’s Holyday. A hard nosed Hermit of Medieval Europe and Chaosphe Bible Banger (after his enlightenment, that is). Dubbed “Offender of The Faith”. Discovered the Five Commandments (The Pentabarf).

Zaraday

˙sǝᴉʇᴉʌᴉʇɔɐ ǝʇɐᴉɹdoɹddɐuᴉ ǝpnlɔuᴉ sǝᴉʇᴉʌᴉʇɔɐ ǝʇɐᴉɹdoɹdd∀

Beautiful bits – information from old catalogs

There are many connectors out in the world. A lot of them are old but get still used. And once every while you might need an actual great drawing / scheme of such a connector.

There’s a place for all your needs and curiosity. It’s bitsavers.org.

Just take a look at this drawing and cut-away of a coax connector from the 1976 AMP product catalog:

There is lots more, just take a look at bitsavers. Especially the software bits archive of (very) old computers software and sources. Just wow.

electronic fireworks

The firecracker exploded. Apparently after 2 weeks of usage of the Chuwi Hi10 Air the eMMC flash is malfunctioning.

In a totally strange way: Every byte on the eMMC can be read, seemingly. Even Windows 10 boots. But after a while it will hang and blue screen. Apparently because it tries to write to the eMMC and when those writes fail and pile up in the caches at some point the system calls it quits.

Anyhow: It means that no byte that is right now on this eMMC can be deleted / overwritten but only be read.

The great chinese support is really helpful and offered to replace the device free of charge right away. That’s very nice! But I came to the conclusion that I cannot send the device in, because:

It contains a full set of synched private data that I cannot remove by all means because the freaking soldered-on eMMC flash is broken.

The recipient of this broken tablet in china would be able to read all my data and I could not do anything about it.

Only an extremely small fraction of data is on there unencrypted. Only that much I hadn’t yet switched on encryption on during the initial set-up I was still doing on the device. And that little piece of data already is what won’t let me send out the device.

Now, what can we learn from this? We can learn: Never ever ever work with anything, even during set-up, without full encryption.

Es ist egal, aber

Tocotronic is one of the bands I listened to during my teens/twenties. That dates me, that dates the band.

It’s very german. You’ll find their music on most streaming platforms. I recommend starting with the albums “wir kommen um uns zu beschweren” and “es ist egal aber”.

Anyhow. Now one member of the band starts a podcast!

Jan Müller ist seit über 25 Jahren Mitglied der Band Tocotronic. Er ist mit dem Format des Interviews bestens vertraut und kann sich als Fragender gut in die Perspektive seiner Gäste hineinversetzen. Die persönliche Auswahl seiner Gesprächspartner*innen bildet die Grundlage für authentische Gespräche, die stets von Interesse und Respekt geprägt sind. Mit “Reflektor” startet Jan seinen ersten Podcast. 

https://viertausendhertz.de/reflektor

easily draw text based flowcharts

As I am mainly producing text and markdown notes throughout the day I am always interested in ways to quickly create simple text-based flow-charts.

I did write about a couple of tools to accomplish this previously but I want to take note of the most recent addition to the toolbox: ASCIIFlow Infinity.

You open it in your browser and start drawing with the simple tools provided.

When you are done you export it to plain text and do what you feel like with it.

Here’s a feature overview:

train sounds in Japan

If you’ve ever been to Japan you must have noticed that everything and anything makes sounds and talks. Elevators, escalators, doors, train stations, gates, vending machines – you name it, it makes sounds and talks.

It’s so apparent but yet quite comforting that I enjoyed it. It became an additional channel of information without the need of point-and-call all the time. Highly effective for me.

Japan utilizes sounds to a degree that every detail seems to count. Take the station gates you rush through to get to your train platform. It’ll sound differently depending on how you pay, what status your ticket had and even how close your IC-cards balance is to being empty.

Or just the fact that the ticket gates make sounds at all to make you find them easily.

A good portion of this sounds you can find on places like YouTube or specialized websites. One of those specialized websites is hatsumelo.com:

For some routes and stations you find here:

  • Station melody – departing and arrival melodies that are played on the occasion
  • In-car chime – chimes played before and after information broadcasts mainly in the Shinkansen and limited express trains.
  • Door opening and closing – doors make sounds too!

brain simulators

With recent announcements around human brain and brain-machine interface research like Neuralink the topic is seemingly seeing some more investments now.

As this whole topic is special to my heart I am interested in all things brain simulations. Thus here’s my personal “logbook entry” on the re-appearance of this topic:

This leads to one of the arguments for whole-brain simulation: it’ll help us solve the “biological imitation game,” a Turing test-like assay that pits digitally reconstructed brains against real ones. Iterations of the test help select increasingly more accurate models for a given task, which eventually become the most promising ideas for how specific biological networks operate. And because these models are based on mathematical equations, they could become the heart of next-generation AI.

Singularity Hub

There’s also a paper! – Unfortunately I cannot link directly to the paper as it is behind paywalls. Neuralink on the other side was so kind to publish open-access:

visualize baby sleep pattern

A visualization of my son’s sleep pattern from birth to his first birthday. Crochet border surrounding a double knit body. Each row represents a single day. Each stitch represents 6 minutes of time spent awake or asleep

Seung Lee on Twitter

No babies here. But I want such a blanket now.

The Fastest journey from Roma to Londinium..

…in July takes 27.1 days, covering 2967 kilometers. At least if you would have taken the challenge in times of the Roman Empire.

ORBIS: The Stanford Geospatial Network Model of the Roman World reconstructs the time cost and financial expense associated with a wide range of different types of travel in antiquity. The model is based on a simplified version of the giant network of cities, roads, rivers and sea lanes that framed movement across the Roman Empire. It broadly reflects conditions around 200 CE but also covers a few sites and roads created in late antiquity.

ORBIS: The Stanford Geospatial Network Model of the Roman World

By simulating movement along the principal routes of the Roman road network, the main navigable rivers, and hundreds of sea routes in the Mediterranean, Black Sea and coastal Atlantic, this interactive model reconstructs the duration and financial cost of travel in antiquity.

augmented (reality) book cover

If you ever want to quickly explain what augmented reality could be to a person not knowing yet, you might want to use this (and other) use cases for a visual explanation:

I achieved this by separating the artwork and text into many individual layers, that I placed in receding layers of 3D depth, in a 3D program on the computer. And made sure everything outside the borders of the book is excluded, to give it the ‘portal’ effect.

Augmented Reality Book Cover by Alexander Wand

Wireless Network Mapping – data source and data sink

When you work with wireless networks and you do programming and mobile app development that works with things like user location you might find this useful.

Take thousands of users and you’ve got the worlds wifi networks mapped…

WiGGLE (Wireless Geographic Logging Engine) is a project which takes wireless network data + location and puts it into a big database. On top of storage it’s giving you access to that data.

We consolidate location and information of wireless networks world-wide to a central database, and have user-friendly desktop and web applications that can map, query and update the database via the web.

https://wigle.net/faq

So what’s my use-case? Apart from the obvious I will make use of this by finding out more about those fellow travelers around me. Many people probably to the same as me: Travel with a small wifi / 4g access point. Whenever this accesspoints shows up in scans the path will be traceable.

I am curious to see which access point around me is in the million-mile club yet…

full website screenshots from your commandline

Think of this: You want to capture a whole, multi-scroll-pages, web-page into one image.

This can be difficult without the right tools. It surely will be a lot of work to accomplish a 10th of thousand pixel height screenshot put together from multiple single screenshots…

CutyCapt is there to help! It’s a command line tool encapsulating the very powerful WebKit browser engine to render a full page and then create a single file screenshot of the whole page for you.

By example, this is what it did when told to screenshot this website:

PixelFed – Federated Image Sharing

In search of alternatives to the traditional centralized hosted social networks a lot of smart people have started to put time and thought into what is called “the-federation”.

The Federation refers to a global social network composed of nodes that talk to each other. Each of them is an installation of software which supports one of the federated social web protocols.

What is The Federation?

You may already have heard about projects like Mastodon, Diaspora*, Matrix (Synapse) and others.

The PixelFed project seems to gain some traction as apparently the first documentation and sources are made available.

PixelFed is a federated social image sharing platform, similar to instagram. Federation is done using the ActivityPub protocol, which is used by Mastodon, PeerTube, Pleroma, and more. Through ActivityPub PixelFed can share and interact with these platforms, as well as other instances of PixelFed.

the-federation

I am posting this here as to my personal logbook.

Given that there’s already a Dockerfile I will give it a try as soon as possible.

WiFi QR Code Generator

Whenever we arrive at a place that we have not been before it is important to get properly connected to the internet.

Finding wifi SSIDs and typing passwords is tedious and prone to errors. There is an easier way of course!

The owner of the wireless network can generate a QR code that you can easily take a photo of and your phone will automatically prompt you to log into the wireless network without you having to type anything.

On your phone it looks like this:

To generate these QR codes that contain all information for visitors/new users to connect this simple tool / online generator can be used:

Ever wanted to create a cool QR code for your guests? But never wanted to type in your WiFi credentials into a form that submits them to a remote webserver to render the QR code? QiFi for the rescue! It will render the code in your browser, on your machine, so the WiFi stays as secure as it was before (read the code if you do not trust text on the internet :-))!

Qifi.org

Don’t worry: your access point information is not transferred over the internet. As this is open source at the time of writing the data was held in HTML 5 local storage on the local browser only and not transferred out.