isithran reshared this.

mastodon - Link to source

I reported an insecure DKIM key to Deutsche Telekom / T-Systems. They first asked me to further explain things (not sure why 'Here's your DKIM private key' needs more explanation, but whatever...). Then they told me it's out of scope for their bugbounty.

I guess then there's really no reason not to tell you: They have a 384 bit RSA DKIM key configured at: dkim._domainkey.t-systems.nl

384 bit RSA is... how shall I put it? I think 512 bit is the lowest RSA key size that was ever really used. 384 bit RSA is crackable in a few hours on a modern PC (using cado-nfs). The private key is:
-----BEGIN RSA PRIVATE KEY-----
MIHxAgEAAjEAtTliQYV2Xvx1OGkDyOL799BTFEuobY2dn2AgtiKCQgrh78NVK1JK
j0yRXgNnPpGBAgMBAAECMF0t+TBZUCi8xATSMij7VLTxv5Xi5OIXesNiXOKtYIRP
LkpYfR5PggaMScfbmqSssQIZAMwOhm9d7Y7Qi7I2j1AlYbiqdtqO54T7FQIZAONa
9dJFkC6lM3EPXR+0SZ4dqwwpiM0nvQIYYgz8thi5JK264ohq9sTvnu9yKvUN9I09
AhgfgMYZKcxtujRjkSZtMzUUNLYzzDmJe90CGDKwqcBI0v9ChaR8WHht+/chMdxj
7ez94w==
-----END RSA PRIVATE KEY-----

in reply to badkeys

sharkey - Link to source

niconiconi

384-bit RSA is a ~116-digit decimal number. You know it's insecure, because factoring special long decimal numbers of cultural or meme significance has been a niche hobby since the year 2000 by Makoto Kamada, among others. We were the main users of these crypto tools when nobody was cracking any keys. The factored numbers typically have ~200 to 300 digits. I personally factored the number 23333....333333 (203 digits) in 2018 using GGNFS-0.77.1 + msieve 1.51 after running it for 254 hours, the answer was 13249578499 x 141923698309 x 341814137379262820703619531241772438672418960504220543 x 36301935597796613387875174789602896631621794317547997731884133406295200433460476448871588607865425544775288572131035081371416741.

STUDIO KAMADA

stdkmd.net
isithran reshared this.

mastodon - Link to source

FSL and BSL belong on any list of false-promise licenses:

They are not open source. They are restrictive source-available licenses dressed up with “open” language.

Reading the code is not enough. If users cannot freely run, use, or build on the software because of field-of-use or competition restrictions, the software is not open source.

Marketing it as “open source” or even putting “open” in your name is misleading twice: first in the license, then in the messaging.

#opensource #fauxopensource #license

FSL

The Functional Source License (FSL) is a source-available license that converts to Apache 2.0 or MIT after two years.
fsl.software
#opensource #license #fauxopensource

isithran reshared this.

in reply to Alexandre Dulaunoy

mastodon - Link to source

Max Mehl

And it's made worse by the fact that BSL as an identifier is actually describing another license (boost software license, OSI approved), which is why the Business Source License has been given the SPDX ID BUSL.

More than once I had people coming to me saying that Business Source License isn't as issue because BSL is marked as OSI approved on the SPDX license list 🙄

Alexandre Dulaunoy reshared this.

friendica (DFRN) - Link to source

Wanna make your grub sound like you're starting a PC in Pokemon?

GRUB_INIT_TUNE="960 2050 6 0 2 1025 1 512 1 680 1 512 1 1025 1 512 1 2050 1 512 1"

Demo: breadmaker.github.io/grub-tune…

isithran reshared this.

mastodon - Link to source
Looking for folks maintaining iot4pi LoRa gateways in Austria, there are two bugs affecting APRS messaging in the rest of the world: github.com/begass/LoraAPRSGW/i… - Discussion: groups.io/g/APRS/topic/another…

begass/LoraAPRSGW

LoRa APRS Gateway (Sascha's iot4pi version) . Contribute to begass/LoraAPRSGW development by creating an account on GitHub.
GitHub

reshared this

isithran reshared this.

mastodon - Link to source

You know that “stop forcing AI into fucking everything” graphic that went around on here?

I bought the t-shirt. I get a lot of compliments on it.

The only negative response was from a friend who works for McKinsey. She read out the “everyone hates it” and said, “do they really, though?” as we stood near the check-in table for an event, and three people in line turned around and said, “YES!”

reshared this

isithran reshared this.

mastodon - Link to source

Dis moi Masto, tu as déjà candidaté à des marchés public et utilisé le système de certificat-électronique-à-la-con en étant sous Linux ? À priori il y aurait des soucis sous linux (certificat sur clef usb😱 ), et comme le certificat est payant autant savoir avant d'acheter...

Le repouët rend le poil soyeux.

#MarchePublics #linux #certificat

#linux #certificat #marchepublics

reshared this

isithran reshared this.

mastodon - Link to source
Les deux qui font la paire.
Pour la semaine de lancement du livre de Francesca Musiani "La politique dans les réseaux" sur cfeditions.com
emportez en plus "Cyberstructure" de Stéphane Bortzmeyer.
15% de remise jusqu'au 13 février (41 € au lieu de 48 €)

C & F Éditions

cfeditions.com

reshared this

isithran reshared this.

glitchsoc - Link to source
The media in this post is not displayed to visitors. To view it, please go to the original post.

The little Meshtastic node inside of my ThinkPad T420s is surprisingly good (one of the antennas measured quite well for the frequencies used, so I wired it in. I assume it was meant for GNSS? Or UMTS?).

The PCB is a quick custom design I whipped up in EasyEDA to connect an ESP32-S3 with an SX1262 radio chip. It uses the USB pins of the MiniPCIe slot originally intended for a WWAN modem in this laptop :3

reshared this

in reply to merely a pathfinder

glitchsoc - Link to source

Doridian

@liv I doubt you'd be able to fit these two modules into the expansion card slot. However, someone else made an expansion card PCB prototype (and some PCBs from it) that does work: gitlab.com/SillieWous/Framewor…

If you want to make your own, I'd base off of this, but change the MCU to like an RP2040 or RP2350, something that can run the full FW unlike the MCP2210 (even though the MCP2210 can work if you run the Meshtastic portduino firmware or similar)

Power-wise, 5V1A easily, I'd suspect it fits within the 500mA envelope just fine as well (especially given the ESP32 doesn't need to turn the WiFi hardware on, only Bluetooth if any wireless at all).

Should you want to draw anything from my design, here's the EasyEDA export: github.com/Doridian/meshtastic…

Sil Schouten / Framework ExpansionCard LoRa · GitLab

GitLab.com
GitLab
@merely a pathfinder

friendica (DFRN) - Link to source

PR merged today ✅
RMS Gateway no longer depends on Python 2 \o/
github.com/nwdigitalradio/rmsg…

Next step: fixing the small details and automating most of the install scripts to make the debian package happy.

Upgrade maintenance scripts from `python2` to `python3` by dscp46 · Pull Request #19 · nwdigitalradio/rmsgw

Hi team, Here is a PR to close Issue 18. I've run it on my VHF gateway, and it seems to pass smoke tests. Best regards,
GitHub
isithran reshared this.

mastodon - Link to source

#Google trips over its own words, when they sell you #Android it's the best computing device in the world that does everything. After you bought it Google doesn't let you do anything *you* want to.

#Sideload is a made-up term. Putting software on your computer is simply called “installing”, regardless of whether that computer is in your pocket or on your desk.

What Do You Talk About When You Talk About Sideloading?

What does Google?

Here's #FDroid: f-droid.org/2025/10/28/sideloa…

What We Talk About When We Talk About Sideloading | F-Droid - Free and Open Source Android App Repository

We recently published a blog post with our reaction to the new Google Developer Program and how it impacts your freedom to use the devices that you own in th...
f-droid.org
#fdroid #google #android #sideload

reshared this

friendica (DFRN) - Link to source
pam_bcpasswd lives! (^o^)
Now you'll be able to avoid transmitting your password in clear text over the air, especially useful if you have a backup access over AX.25.
I need to check if I can use it directly with axspawn during the initial authentication...
Sources to be published once the debian package can be built.
I've got a few ideas for secure password rotation (using OPAQUE) and to implement a 3-way alternative of SCRAM to provide mutual authentication :3c
A screenshot of a build of the module, its installation and of a successful pamtester test.

reshared this

in reply to polprog68k

friendica (DFRN) - Link to source

isithran

It works like the original challenge-md5 mechanism in axspawn: it issues a random challenge (size adjusted to provide better randomness), and then checks that ascii-hex(md5(concat(challenge,password))) matches.

In terms of security, this is far from being perfect (which is why I'm hoping to replace it by SCRAM in the long run), but at least it's better than cleartext password or baycom authentication, for now.

isithran reshared this.

sharkey - Link to source
中国官方宣传账号的言论的消失速度,有时候比公知被封还快。几年后搜索一下,只能找到一堆没有出处的批评,成了虚空打靶。各位网民们下次开喷之前,别忘了附上其引用言论的完整出处(日期、内容、媒体、作者、链接),并顺手存档一下:要么把链接提交 archive.org,要么附带完整原文或者截图,即起到了“示众”的作用,也为后来人留下线索。无论作者、读者个人什么立场,都只有好处。

isithran reshared this.

in reply to Orca 🌻 | 🎀 | 🪁 | 🏴🏳️‍⚧️

sharkey - Link to source

niconiconi

还有微博之类有高度访问限制的的言论也需要存档,唯一的解决方案是本地用 Headless Browser 直接把所有网络请求录制下来,再存 DOM + 截图。如果遇到社会、政治争议性非常强的言论,我甚至觉得有必要把整个 TLS 会话与 pcap 与 TLS session key 都录制下来,用站点证书证明真伪。开发这一套工具的工作量想必是巨大的,技术原理不难,但实现很难做出来。

friendica (DFRN) - Link to source

Currently working on an ALS162 time receiver. Getting my paws on NF C 90-002 really helped to think of an easier strategy to acquire and sync with the signal.

Turns out this signal is a 40Bd 3-state TCM.

First step, however, is to write a stub that will generate a baseband clone of the signal. For now I'm able to generate a static frame. The scrambler is implemented, and I'm working on the CRC-13.

An oscilloscope trace of the PPS and ALS162 time signal that mimics a frame shown in Henning Maier's slides for his GRCon'23 presentation: "ALS162 Time Signal SDR Receiver for GNU Radio".
An oscilloscope trace of the PPS and ALS162 time signal for a 58th second with a 0-bit in the timecode part, the sync packet and ALS Identifier.
Zoom on the previous trace to show the rising edge of the PPS signal complies with ALS epoch specification in NF C 90-002.

Phil M0OFX reshared this.

in reply to isithran

friendica (DFRN) - Link to source

isithran

Honestly, the choices that were made are quite elegant, imho: out of 9 phase transitions, you can recover up to 4 bits in 4 cases, more than 1 bit for 4 others, and the last, which is the XOR of the 3 previous bits.
This means you can recover erasures in many cases ✨💜✨
Phase path truth table, associated to a phase transition diagram.

reshared this

in reply to Andrew Zonenberg

mastodon - Link to source

Simon Richter

@azonenberg exacty — also, DTBs don't know how much RAM you have, the board revision, ... It's just unmanageable for users.

RISC-V, in the spec, say that the DRAM init code shall deliver a device tree to any later stages, with the hardware inventory hardcoded,

In practice, I need U-Boot specifically to patch the broken device tree. If it were correct, I could use Linux directly after the DRAM init code.

@Andrew Zonenberg
in reply to Simon Richter

mastodon - Link to source

Andrew Zonenberg

@GyrosGeier > how much ram

Isn't that the whole point of SPD (since PCs ~always used DIMM/SODIMM based memory)? You just need some board-independent init code that reads the eeprom from each slot, figures out how much is there, and brings it up.

I don't see why you need per-board firmware when the entire point of the eeprom is discoverability.

@Simon Richter