Twitter: @ewenmcneill -- December 2020

Wed Dec 02 19:35:48 +0000 2020 (#)

Replying to @sophaskins

With the right artist’s statement I think you could swing that as an intended look :-)

The most awesome Zoom filter emergent behaviour I saw recently gave a similar effect, enhanced with a stars background! https://twitter.com/ewenmcneill/status/1332587995883393025


Thu Dec 03 07:22:31 +0000 2020 (#)

Replying to @voltagex

“Sing Easy” 😃


Thu Dec 03 07:26:43 +0000 2020 (#)

RT @linuxconfau: Limor “Ladyada” Fried, founder of Adafruit, will be a keynote speaker at http://linux.conf.au in Jan 2021. Limor will t…


Thu Dec 03 21:03:29 +0000 2020 (#)

#LCA2021 Systems Administration Miniconf CFP still open and would love your talk. Or your friend’s/colleague’s talk (please RT).

Submissions received by end of Sunday 2020-12-06 AoE will get an early response, next week. CFP ends 2020-12-18.

#linuxconfau https://sysadmin.miniconf.org/cfp21.html https://twitter.com/ewenmcneill/status/1331360151123628032


Thu Dec 03 21:22:50 +0000 2020 (#)

If you fondly remember 1980’s computer games, and especially their music, and have always dreamed of hearing the music played by a real orchestra, this is a KickStarter for you: 8-Bit Symphony Pro. (Last couple of days, nearly at its target amount.)

https://www.kickstarter.com/projects/8-bit-symphony/8-bit-symphony-pro-second-half-20-more-c64-epics


Thu Dec 03 21:25:53 +0000 2020 (#)

Replying to @ewenmcneill

It’s a “second half” (CDs 3 and 4 of the planned set), but there are bundles and add-ons where you can pledge for the full set of 4, and/or pick up other related game music conversions.

I was really pleased with the first half, and have pledged for the second too!


Thu Dec 03 22:21:33 +0000 2020 (#)

RT @thatcks: The sysadmin's lament: I swear, I thought this was a small rock when I started turning it over.


Fri Dec 04 06:51:14 +0000 2020 (#)

RT @DavidSteensma: Aspirin continues to be the most widely used anti-platelet agent, 125 years after its synthesis. But where did it come f…


Fri Dec 04 08:47:18 +0000 2020 (#)

Replying to @ExcitedLeigh

“Step 0: set your oven to preheat to 180C. Trust me on this, you’ll thank me later.” 😃

I think most recipes suffer from “written in the order the writer remembered the details, never tested by anyone else, or edited for parallelism”. Not everyone understands partial ordering!


Sat Dec 05 01:17:01 +0000 2020 (#)

Replying to @slyall

Martinborough is a bit over an hour’s drive to Wellington (in no traffic). About 15-20 minutes drive to Featherston, for commuter trains to Wellington. It’s a pretty trendy small town, so I’m not that surprised it went for a premium.


Sat Dec 05 01:19:59 +0000 2020 (#)

Replying to @slyall

Given the size, probably someone bought it as a “weekend bach” rather than planning to commute to Wellington daily.

But if you work in the Hutt Valley (ie before Wellington City on that road/rail line) I’m told the commute isn’t too bad (eg better than across Auckland :-) )


Sat Dec 05 07:57:59 +0000 2020 (#)

Replying to @pjf

Could you adopt a neighbourhood cat and just be that kind of de facto parent that has visiting and caring duties, but actually the cat lives somewhere else and has other care givers too?

Is polyamorous cat adoption like “cat sitting on steroids”? 🤔


Sun Dec 06 07:12:20 +0000 2020 (#)

Replying to @ExcitedLeigh

Or even in the browser: so if you accidentally closed the tab and then opened it again (eg from recent history) then your textbox contents got restored.

I have a reflex of “select all, copy” in text boxes when I’m editing non trivial text (eg ticket comments) for this reason.


Sun Dec 06 07:21:46 +0000 2020 (#)

Replying to @ExcitedLeigh

Definitely more difficult the more state is involved (beyond just plain text).

One can imagine an “undo” for “close tab” that restored all tab state though... 🤔

Probably only 1-2 closed tabs back at most. I’d even be fine with it being “reopened within 60 seconds”, for this.


Sun Dec 06 07:29:06 +0000 2020 (#)

Replying to @kattekrab

Airside transfers out of habit one assumes. But that presumably means “same airline”, who should have known.

I’m told in some countries without Government hotel quarantine set up you have 24 hours to get to your own “place to isolate for 14 days”; maybe travellers planned that.


Sun Dec 06 07:56:49 +0000 2020 (#)

Replying to @RealSexyCyborg

😮

There’s way fewer countries allowed to launch projects on KickStarter than I expected; looks like major English countries, Western Europe but not all of EU, Mexico, Hong Kong/Singapore/Japan. That explains a bunch of “Hong Kong” KickStarter projects. https://help.kickstarter.com/hc/en-us/articles/115005128594-Who-can-use-Kickstarter-


Mon Dec 07 05:27:41 +0000 2020 (#)

RT @spibblez: I created a tool for recovering passwords from pixelized images: https://github.com/beurtschipper/Depix


Mon Dec 07 10:00:43 +0000 2020 (#)

Replying to @apenwarr

U = BTL


Wed Dec 09 21:41:34 +0000 2020 (#)

Honestly can’t tell if I’m now getting InternetNZ themed phishing?! 🤔

(It arrived at an email address that’s not one I’ve given InternetNZ in the past several years, nor one I’ve used for DNS registrations. Bulk mailed via SendGrid, so it could be anyone.)


Wed Dec 09 21:45:37 +0000 2020 (#)

Replying to @ewenmcneill

There is no unsubscribe link either (in email headers or body), so that’s probably illegal in NZ too.

The footer details seem to match a website contact details of a business that claims to be in NZ (as is InternetNZ). So they both ought to be familiar with NZ law 😔


Wed Dec 09 23:12:11 +0000 2020 (#)

Replying to @ewenmcneill

I just got a second one to the same email address, sent a few hours later. Almost identical but for header/footer (and my MTA considering it more spam like, which seems fair).

Either phishing (!!), or someone didn’t even dedupe their “survey” list.


Wed Dec 09 23:14:17 +0000 2020 (#)

Replying to @ewenmcneill

I did report it to InternetNZ this morning (email to abuse@, postmaster@, office@, named person in survey mail). But haven’t yet heard back whether it’s phishing using their name, or a “legitimate” poorly done survey attempt.


Thu Dec 10 04:45:36 +0000 2020 (#)

According to an email reply from someone at InternetNZ it is a legitimate InternetNZ survey, and their first time partnering with AskYourTeam.

It seems like they heard my “looks like a phishing attempt” comments. So that’s good. https://twitter.com/ewenmcneill/status/1336788100886904833


Thu Dec 10 06:38:07 +0000 2020 (#)

“The First No L” is a really fun sudoku variant (where you can’t have a sequential set of digits in an L shape 😃).

I enjoyed “pair” solving it along with the video (sometimes I was ahead, sometimes catching up; sadly Simon didn’t hear my hints 😂) https://youtu.be/NM6DVYwPHj8


Thu Dec 10 06:45:03 +0000 2020 (#)

TIL that ext4’s habit of giving you a zero byte file instead of your data if a “power off” happens at the wrong time, interacts poorly with selinux’s booleans.local. But it only explodes on the next selinux policy update (or /.autorelabel) which rebuilds the selinux database 😬


Thu Dec 10 06:48:01 +0000 2020 (#)

Replying to @ewenmcneill

Because of this “explodes later” and a lack of older backups, we can’t tell when it got broken originally; it might have been weeks/months ago.

Fortunately that system is entirely Ansible built, so we may yet reinstall it from scratch; booleans.local wasn’t the only empty file.


Fri Dec 11 00:00:41 +0000 2020 (#)

Replying to @ewenmcneill

FTR, two people at InternetNZ have now contacted me. Yes it’s a legitimate survey notification, and they’re going to discuss the notification process internally (there seems to be agreement it could have been done better).

https://twitter.com/ewenmcneill/status/1336894813602422784


Fri Dec 11 00:02:41 +0000 2020 (#)

Replying to @ewenmcneill

Also FTR one of the InternetNZ people also provided context for why that address: they “tidied up” a role address I used earlier in the year for something non-.nz related to my more general work address (rather than the non work address I’ve given InternetNZ this year, eg NetHui).


Fri Dec 11 01:40:04 +0000 2020 (#)

Via a really well written email from the Ministry of Health I’ve learnt the #NZCovid19 app is open source, on GitHub.

Hats off to the comms team and developers for that release and announcement.

https://www.health.govt.nz/our-work/diseases-and-conditions/covid-19-novel-coronavirus/covid-19-resources-and-tools/nz-covid-tracer-app/open-source-release-nz-covid-tracer https://github.com/minhealthnz/nzcovidtracer-app https://github.com/minhealthnz/nzcovidtracer-docs


Fri Dec 11 01:45:07 +0000 2020 (#)

Replying to @ewenmcneill

The #NZCovid19 app can now also use the Apple/Google Bluetooth anonymised contact tracing API on supported phones (eg had a software update installed since mid 2020). There’s now an app option to turn that feature on/off.

Adding that at source release time adds confidence 👍


Fri Dec 11 01:48:55 +0000 2020 (#)

Replying to @ewenmcneill

Release of the #NZCovid19 app front end source is under the AGPL license. Which seems a good choice too. Very impressed.

“The app has been released under the AGPL license. Works derived from it must also be released under the same license.”


Fri Dec 11 02:22:37 +0000 2020 (#)

We’ve just sent out early acceptances for the #LCA2021 Sysadmin Miniconf.

Still room for several more talks. And I’d like to hear 2020 admin war stories!

CFP closes just over a week from now, so “last minute” is this coming week :-)

#linuxconfau

https://sysadmin.miniconf.org/cfp21.html https://twitter.com/ewenmcneill/status/1334604191738707969


Fri Dec 11 06:55:30 +0000 2020 (#)

Replying to @merxplat, @ExcitedLeigh and @yaakov_h

To save time finding it, here are some links I prepared earlier (TL;DR: source for app is on GitHub, with code documentation in a repo alongside.)

https://twitter.com/ewenmcneill/status/1337210509242691585 https://www.health.govt.nz/our-work/diseases-and-conditions/covid-19-novel-coronavirus/covid-19-resources-and-tools/nz-covid-tracer-app/open-source-release-nz-covid-tracer


Sat Dec 12 02:12:09 +0000 2020 (#)

The video from a 2 hour (semi-interactive, November 2020) Remoticon workshop on PCB reverse engineering is still well worth watching stand alone. Presented by @.TubeTimeUS who knows his stuff (eg he recreated the early SoundBlaster cards). https://twitter.com/hackaday/status/1333870178220838914


Sat Dec 12 03:42:49 +0000 2020 (#)

This 2019 talk about logical (newer model, ie non physical) CSS is a good orientation guide for how to think about modern, flexible, CSS layout design. I especially liked the explanation of inline and block relative dimensions and layout ordering.

(More resources ⬆️⬇️ thread.) https://twitter.com/rachelandrew/status/1334868122206162947


Sat Dec 12 04:29:18 +0000 2020 (#)

RT @fanf: https://ciechanow.ski/cameras-and-lenses/ - An explanation of cameras and lenses with interactive 3D graphics.


Sat Dec 12 06:08:15 +0000 2020 (#)

Ubuntu RAID10 discard 4.15.0-126 bug around fstrim (systemd weekly timer) discards affecting disks in RAID sets in mismatched ways. Apparently introduced by back port since -124. (Unclear if it’s just RAID 10, or also RAID 1.)

(Via NZNOG Slack.) https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1907262


Sat Dec 12 06:11:58 +0000 2020 (#)

Replying to @ewenmcneill

Looks like they reverted the relevant back ported patches that “improved” discard in kernel package -128, released a few hours ago.

But suggestion from bug is if you’re potentially affected (-126, discards work on disks) then maybe disable fstrim.timer for a while.


Sat Dec 12 23:31:56 +0000 2020 (#)

Thread ⬆️⬇️

An important part of “fail fast” is realising that the approach you’re trying isn’t working out, and moving on to try something else. Early is best 😃

If you “can’t fail” (see thread), it’s no longer an experiment, it’s a “we burnt the ships” fight for survival. https://twitter.com/StanTwinB/status/1336945865970176000


Sun Dec 13 08:15:23 +0000 2020 (#)

Disappointed to discover that ANZ NZ card fraud prevention seems to have turned into something indistinguishable from phishing 😢

(Call from “Caller ID blocked”, asked for details to identify me; text encouraging me to call 0800 number not listed on ANZ site.)


Sun Dec 13 08:17:52 +0000 2020 (#)

Replying to @ewenmcneill

Ironically I think I know why fraud prevention are interested (crowd funding just processed, plus a few donations this afternoon). So it’s probably a legitimate check not phishing (and I’m on hold with the main ANZ NZ 0800 number).

But the difference should be more obvious 😔


Sun Dec 13 08:34:16 +0000 2020 (#)

Replying to @ewenmcneill

FTR seems it was a legitimate call/card block from ANZ. But not for the reason I’d guessed (they sounded okay with my transactions today).

Instead I seem to be the lucky recipient of a new credit card thanks to “some merchant” (unknown) being compromised. Fun 😬


Sun Dec 13 08:58:53 +0000 2020 (#)

Replying to @ewenmcneill

By the time the second person from ANZ cards called me to follow up and asked for the same information at least I recognised their voice. But they still wanted identifying information, despite having called me😔


Sun Dec 13 09:01:40 +0000 2020 (#)

Replying to @ewenmcneill

I did manage to find out the new cards come from my city, so hopefully the courier (which I insisted on, because Christmas is around the corner), is truly “next day” courier.

crosses fingers


Sun Dec 13 09:03:40 +0000 2020 (#)

Replying to @ewenmcneill

And I might need to go back to having credit cards from more than one bank. To avoid the “oops” that prompted the second phone call.

(I did have cards from two banks; they merged some years back... but apparently didn’t 100% merge my accounts when they said they did.)


Sun Dec 13 09:07:04 +0000 2020 (#)

Random suggestion for banks that need to call customers about things: provide a “call back” code that customers can enter on your main contact number at the point the Interactive voice system is prompting them to enter account details/reason for call. 1/2 https://twitter.com/ewenmcneill/status/1338034768970039299


Sun Dec 13 09:09:35 +0000 2020 (#)

Replying to @ewenmcneill

Then when that code is entered connect the call directly to the appropriate phone queue. That would have saved 25-30 minutes of hold time, and one bank staff member.

Also for customers with online banking, you can send “bank mail” with some context/confirmation. Just saying. 2/2


Sun Dec 13 10:21:55 +0000 2020 (#)

@swagbadge2021 out of interest how’d you get on with getting 5 minute / 30 minute talks approved by LCA2021 / AV team? We were told 45 minute and 20+15 / 15+20 minute pairs were the only schedulable combinations.

PS: your DMs do not appear to be open. Re https://twitter.com/swagbadge2021/status/1337999337398304768


Sun Dec 13 10:24:33 +0000 2020 (#)

Replying to @minxdragon

That’s a lovely photo! Thanks for sharing the rainbow :-) ❤️💚💙💜


Sun Dec 13 23:27:02 +0000 2020 (#)

Enterprise software: let’s publish a solution article instead of fixing the upgrade issue in the packaging. 😔

(AFAIK the solution is the same as on the mailing list. Apparently there’s an internal bug which is still open.) https://access.redhat.com/solutions/5543951 https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/FGNHGEFXAS37W6CD35NO3NZPKVR3VHU3/?sort=date


Mon Dec 14 08:02:02 +0000 2020 (#)

This is an interesting, if whirlwind, tour of the history of the Web PKI (ie browsers). And why the Web PKI decisions do not necessarily suit other Internet protocols with different requirements. Learn from what did/didn’t work and why, don’t just blindly copy in other contexts. https://twitter.com/sleevi_/status/1334253667512430595


Mon Dec 14 08:05:46 +0000 2020 (#)

Replying to @ewenmcneill

From the Q&A at the end it sounds like some of the historical details were somewhat disputed. But the major high points that shaped the Web PKI design seem to match the TLS/PKI history I know about. (IMHO, the Web PKI design shows “evolved” more than “designed”.)


Mon Dec 14 20:38:53 +0000 2020 (#)

Replying to @sleevi_

It’s pretty tricky to usefully discuss something being “totally wrong” in the context of a talk Q&A. Especially one online 😃

So I think moving on to other questions was the best option anyway.

Thanks for the talk, it’s good to have the line of history recorded in one place.


Tue Dec 15 01:02:20 +0000 2020 (#)

The #LCA2021 Sysadmin Miniconf schedule is about half full with talks, so we’d love some more people to present.

I’m still hoping someone is willing to share some “2020, the year that was” war stories: 15 minutes is a great length for a tale from the trenches :-)

#LinuxConfAU https://twitter.com/ewenmcneill/status/1331360151123628032


Tue Dec 15 03:17:03 +0000 2020 (#)

RT @evacide: I'm saving my "What about SolarWinds?" for the next time the FBI tries to tell me that backdooring end-to-end encryption will…


Tue Dec 15 04:43:46 +0000 2020 (#)

Replying to @freakboy3742 and @yaakov_h

😮

For real? Exactly 6 (six) character passwords? Online? In 2020? Am I missing some 2FA/MFA context that makes this okay?!

(I guess a mandatory hardware token and a 6 character password is better than most banks.... hopes there is a mandatory hardware token)


Tue Dec 15 05:55:07 +0000 2020 (#)

Replying to @yaakov_h

Oh no 😭

(I’m afraid to find out if this is true for Westpac in NZ too. hides in corner)


Tue Dec 15 08:49:11 +0000 2020 (#)

Replying to @LapTop006, @freakboy3742 and @yaakov_h

Apparently you can keep your existing password (“non-case sensitive”), and it “remains as secure as it was before”.

The last part sounds true, but is not the winning statement they appear to think it is 🤦🏻‍♂️


Tue Dec 15 08:55:11 +0000 2020 (#)

Replying to @ewenmcneill

This password shaming tumblr page (5 years old) about Westpac is too good not to record.

“We believe 6 characters is an appropriate length to protect and authenticate your online activity.”

Which it really isn’t. Even 5 years ago 😔 https://password-shaming.tumblr.com/post/134741858066/westpac-australia-a-bank-so-its-just-all-your


Tue Dec 15 09:03:42 +0000 2020 (#)

Replying to @yaakov_h

Looks like Westpac NZ passwords are 8-20 characters, case insensitive, including 1 letter and 1 number. Which is at least... not as bad. (Eg only 10-20 years behind best practice.)

https://www.westpac.co.nz/branch-mobile-online/online-banking/how-to/reset-password/


Tue Dec 15 21:22:23 +0000 2020 (#)

ANZ NZ: don’t disclose personal information to someone that calls you out of the blue.

Also ANZ NZ: calls out of the blue and asks for personal information, including full name and date of birth.

Do better @ANZ_NZ. Stop setting your customers up for phishing.


Tue Dec 15 21:23:32 +0000 2020 (#)

Replying to @ANZ_NZ

Prompted by apparently an ANZ staff member calling me from a “No Caller ID” number, asking my name, and then asking me to provide my date of birth.


Tue Dec 15 21:28:32 +0000 2020 (#)

Replying to @ANZ_NZ

And I think that phone call was in relation to a bank mail from ANZ where I was advised to ensure I used all my accounts regularly so “the accounts remain open and, can be accessed when you need to”. Which to me reads like a threat.


Tue Dec 15 21:31:07 +0000 2020 (#)

Replying to @ANZ_NZ

FTR I don’t know for sure what the call was about, because they wouldn’t proceed without me providing personally identifying information (“confirm your date of birth”).

Phone call was received 10:16 today to my cellphone (which ANZ does have).


Tue Dec 15 23:23:27 +0000 2020 (#)

Replying to @ANZ_NZ

No one calling me has ever mentioned Voice ID. Voice ID is not even mentioned in your phishing warning banner.

I’ve been told by ANZ staff (via other means) these were legitimate calls from ANZ.


Tue Dec 15 23:24:45 +0000 2020 (#)

Replying to @ANZ_NZ

Please understand that calling and asking for personal identifiable information is exactly how impersonation attacks gain the additional information they need.

ANZ should never be calling and asking for personal identifiable information.


Tue Dec 15 23:26:55 +0000 2020 (#)

Replying to @ANZ_NZ

Free alternative suggestion: call, provide a “call back ticket number”, ask customer to call main ANZ 0800 number and enter the call back ticket code after they have verified themselves. Then everyone is verified.

Or use bank mail. That’s why it exists. https://twitter.com/ewenmcneill/status/1338047778816081921


Wed Dec 16 00:21:22 +0000 2020 (#)

Replying to @ANZ_NZ

Thank you.

I’ve seen Sneakers “My voice is my passport, verify me” and it did not end well for the person supposedly protected by that voice phrase.

Calling a customer and asking them for their Voice ID provides a perfect opportunity for an attacker to record it. Just saying.


Wed Dec 16 00:23:18 +0000 2020 (#)

Oh no I’ve been reminded what ANZ NZ Voice ID is, and why I was repressing the memories.

“My voice is my passport, verify me.” — Sneakers


Wed Dec 16 00:25:45 +0000 2020 (#)

Replying to @ewenmcneill

Not recording the voice ID worked so well in Sneakers... not sure ANZ “you must not record your voice identification phrases” is the perfect solution they think it is 😢

Obviously someone phishing would call and ask for the Voice ID phrase. Just like ANZ apparently does 🤦🏻‍♂️


Wed Dec 16 07:12:05 +0000 2020 (#)

Replying to @TProphet

FWIW, it used to be a bit more forgiving, eg typing something 3 times that it thought was wrong and it’d accept you typed what you meant.

It seems way more stubborn in the last 12-14 months of iOS releases, sometimes even refusing to accept valid basic English words.


Wed Dec 16 07:15:07 +0000 2020 (#)

Replying to @TProphet

Generally my impression is that iOS 12 was quite a good release. iOS 13 has a bunch of UI/UX pessimisations, including stubborn autocorrect and hiding commonly used features (eg copy link, airdrop) deep in context menus 😢

(“Only going forward because we cannae find reverse.”)


Wed Dec 16 21:26:20 +0000 2020 (#)

I lost my saving throw against “you are a very naughty goose”, so now there’s a minimum value, maximum frequency AP scheduled generating transactions into the relevant account (it would have been net zero, but apparently I can’t AP transactions out 😢) https://twitter.com/ewenmcneill/status/1338959148575145984


Wed Dec 16 21:29:42 +0000 2020 (#)

Replying to @ewenmcneill

To the best of my recollection both accounts are “no transaction fees”, so the only cost to me was a few minutes to set it up.

I think the lesson here is “be careful what your KPIs are”.

cron scheduled keep alives FTW 😃


Wed Dec 16 21:42:32 +0000 2020 (#)

RT @tef_ebooks: thinking about that time i was in a meeting with amazon engineers, and my co-workers asked "what's serverless"

i said "per…


Thu Dec 17 00:14:13 +0000 2020 (#)

Approximately 48 hours to submit to the #LCA2021 Sysadmin Miniconf CFP. A draft submission with “details to follow” is great for now (and will be much harder to add later).

We could do with at least 4 more 15-20 minute talks. (“1 slide, no video, good story” works for me :-) ) https://twitter.com/ewenmcneill/status/1334604191738707969


Fri Dec 18 01:06:48 +0000 2020 (#)

Replying to @linuxconfau

FWIW the Miniconf submission forms were gone from the #LCA2021 site attendee “dashboard” by this morning (2020-12-18 NZDT, UTC+13, around 36 hours before the end of 2020-12-18 AoE — Anywhere on Earth — as there is a UTC-12).

So hopefully people were “quick” 4+ hours ago....


Fri Dec 18 02:06:29 +0000 2020 (#)

Replying to @ms_mary_mac and @linuxconfau

\o/

Thanks!


Fri Dec 18 02:07:24 +0000 2020 (#)

RT @ewenmcneill: Call for presentations at the #linuxconfau #LCA2021 Systems Administration Miniconf is now open (closes Fri 2020-12-18 AoE…


Fri Dec 18 23:23:42 +0000 2020 (#)

This is a really good (2019) talk, about the gulf between where infosec effort is focused (and why) and what really affects the general public. And how “private investigations” (ie lawsuits) mean the industry as a whole fails to learn and repeats mistakes. https://youtu.be/uohyx7OIugY https://twitter.com/alexstamos/status/1338531564179783686


Sat Dec 19 00:27:17 +0000 2020 (#)

RT @slyall: Lord of the Rings: How To Read J.R.R. Tolkien

Very good lecture about how the LOTR is written differently from most other book…


Sat Dec 19 02:55:24 +0000 2020 (#)

Product idea: forward replacement for credit cards (ie send new, cancel old when new received).

This would significantly improve on the current actual experience of “5 business days to receive replacement, no online purchases until then”. https://twitter.com/ewenmcneill/status/1338046920359493632


Sat Dec 19 02:58:43 +0000 2020 (#)

Replying to @ewenmcneill

That “5 business days” took 2-3 hours on phone with ANZ staff, 5+ ANZ staff, and 2 couriers to manage. Ironically the final ANZ call with the courier tracking number came a few hours after I already had the delivery (I read them the trwxkimg number instead 😂).


Sat Dec 19 03:00:07 +0000 2020 (#)

Replying to @ewenmcneill

FTR this was to replace credit cards I still had in my possession, which had never been out of my possession (ie they weren’t lost/stolen cards).


Sat Dec 19 03:07:35 +0000 2020 (#)

Ice cold take: the only widely successful innovations for online payments, in 20+ years, have been HTTPS and the 3-4 digit “security” code on the back of cards.

And the web industry has rendered HTTPS almost meaningless for verifying identity, compared with 20+ years ago.

😔 https://twitter.com/ewenmcneill/status/1340129759234125826


Sat Dec 19 03:11:19 +0000 2020 (#)

Replying to @ewenmcneill

Everything else has been pleading for merchants not to be so insecure (PCI) and “ambulance at the bottom of the cliff” (fraud prevention, including card, aka credential, reissue).

And has been counter balanced by most merchants wanting to store card details “for convenience”.


Sat Dec 19 03:25:55 +0000 2020 (#)

Replying to @ewenmcneill

*read them the tracking number

(I guess autocorrect gave up on that typing! Not deleting and reposting as it’s in the middle of a thread :-( )


Sat Dec 19 04:47:17 +0000 2020 (#)

Thank you everyone for your “last minute” #LCA2021 Sysadmin Miniconf submissions. With hours to spare (before 2020-12-18 AoE ends), it looks like we currently have enough content for a full Miniconf day phew

(Thank you also to those that spread the CFP word; it helped a lot.) https://twitter.com/ewenmcneill/status/1339363230867542016


Sun Dec 20 01:45:37 +0000 2020 (#)

Replying to @minxdragon

My guess is that people who grew up with letter grades at school insisted on them still existing, even if they were rather less meaningful.

(Looks to me like “C” = mid-range for school year, “B” = top of year range, “A” = in next school year’s range, D/E below similar amount.)


Sun Dec 20 01:49:10 +0000 2020 (#)

Replying to @minxdragon

But the previous/now bubbles show more information on progress than those letter grades. So the letter grades are redundant/not very useful.

And it looks like “straight As” is almost impossible now, whereas it was “expected” of bright/studious students before... so unhelpful.


Sun Dec 20 01:55:53 +0000 2020 (#)

Replying to @minxdragon

I suspect most children end up being “C average” in that system. Which given 100 years of meaning to “C” being something else is, I agree, Rather Unhelpful.

Possibly they should have called that level B, and A be “top of year” and “A+” being next year, but... grade inflation 🤷‍♂️


Sun Dec 20 01:57:48 +0000 2020 (#)

Replying to @minxdragon

Also FTR I agree with you the comments are the most important part. “Why” matters, and is potentially actionable (“here’s how you could help”).

But like online review ratings lots of people “want a number” not comments, no matter how meaningless 🤦🏻‍♂️


Sun Dec 20 02:02:14 +0000 2020 (#)

Replying to @minxdragon

Surprise hack for “doing well”: get held back a year, so you’re older than the rest of the children in your class, and independently learning ahead 😂

With a mid year birthday I was held back half a year, kind of, rather than accelerated ahead. Unclear if that was a good thing.


Sun Dec 20 02:13:17 +0000 2020 (#)

Replying to @minxdragon

Yes it’s a very tough “line call” on skip half year/repeat half year at the beginning. I’m not sure there are any good answers, as “ahead of everyone in learning” also gets perceived as, eg, “not paying attention” if the class is covering something one has already learned/read.


Tue Dec 22 07:55:50 +0000 2020 (#)

Replying to @minxdragon

For centuries managers and superiors have hidden behind general requests and not taken responsibility for the inevitable detail of how their requests were carried out.

“AI”/algorithms are the same thing, just with more automation. The algorithms were “just following orders” :-/


Tue Dec 22 07:59:04 +0000 2020 (#)

RT @minxdragon: Um. This thread is very adorable and clever and I like it a lot. https://twitter.com/Manda_like_wine/status/1340805858930864128


Tue Dec 22 21:34:58 +0000 2020 (#)

Replying to @RobLudwick, @esden and @crowd_supply

Yes, me too. The CrowdSupply interface doesn’t handle “all stock claimed” very well (including showing claimed items as “available” on front page).

Leading to line items added with zero quantity (and I saw -1 sometimes). Their checkout crashes on 0/-1 quantities 😂


Tue Dec 22 21:38:02 +0000 2020 (#)

Replying to @RobLudwick, @esden and @crowd_supply

I did eventually manage to order one early bird Glasgow (quantity 1) but not the early bird case.

(I’m debating ordering another regular one, but don’t really want doing that to result in my whole order being delayed until “May or later” despite paying for separate shipping.)


Tue Dec 22 21:49:15 +0000 2020 (#)

Replying to @RobLudwick

I eventually fixed that by setting the quantity to 0 in each item, doing update quantity, then adding items again. (With a few cycles as early bird kept vanishing; it’s all gone now AFAICT.)

Seemed like -1 quantity didn’t always show, but messed things up in the background.


Tue Dec 22 21:53:41 +0000 2020 (#)

Glasgow Interface Explorer early bird tier (qty 200/qty 50) sold out in about 45 minutes AFAICT.

Regular campaign priced Glasgow/cases are available for orders for about the next 6 weeks (estimated delivery around mid 2021). https://twitter.com/AttieGrande/status/1341490048655618051


Wed Dec 23 02:27:39 +0000 2020 (#)

RT @1bitsquared: We know, you have been waiting for Glasgow campaign for way too long -- we appreciate your patience! ;) One year later, on…


Thu Dec 24 01:02:53 +0000 2020 (#)

Presentation abstracts/biographies for the #LCA2021 Sysadmin Miniconf are now on our website (programme still in draft, hopefully published early January).

I’m looking forward to all these talks and wish we could give them more time to speak! #LinuxConfAU https://sysadmin.miniconf.org/presentations21.html


Thu Dec 24 01:12:16 +0000 2020 (#)

Replying to @ewenmcneill

Amusing fact: we have presenters in time zones between UTC-7 and UTC+13 (inclusive), for a UTC+11 conference. Including one talk from UTC+1.

Drafting a presentation schedule optimised for “speaker might still be awake” was a new challenge!😃 #LCA2021 #LinuxConfAU


Thu Dec 24 01:53:46 +0000 2020 (#)

RT @KWF: New YouTube video! You can get Qi wireless power receiver modules that output 5V and build them into your projects to make them wi…


Thu Dec 24 03:22:28 +0000 2020 (#)

“Reveal Invisible Motion With This Clever Video Trick” contains a bunch of interesting demonstrations of motion amplification (and colour change amplification) to make changes more obvious. Interesting to see how effective it can be. (June 2020 video.)

https://youtu.be/rEoc0YoALt0


Thu Dec 24 04:33:41 +0000 2020 (#)

“If Then Else had to be invented” is an interesting piece of programming language history. Talk from !!Con West 2019.

(It’s well worth the 10 minutes to watch; slide link in the quoted tweet. TIL “otherwise” was more common than “else” or “default”.) https://youtu.be/4A94JsWTXXw https://twitter.com/fanf/status/1338102168990183425


Sun Dec 27 23:23:14 +0000 2020 (#)

Replying to @ExcitedLeigh

Same ⬆️

(At this point I assume no matter what I do I’ll be autosubscribed to marketing when I buy something online. So I like it when I recognise the spam^wbulk mail platform used as one that does honour unsubscribes.)


Mon Dec 28 01:25:16 +0000 2020 (#)

Replying to @minxdragon

In one year three vaccines were made (for the same virus). And most of that time was testing and approval (all but a few days).

I’m rather impressed just how well we understand manipulating DNA/RNA now. (Virus strain tracing also demonstrates this.)


Mon Dec 28 05:37:27 +0000 2020 (#)

Videos from the CCC RC3 (Remote Chaos Experience) online conference have started appearing. Now it feels like the end of the year.

(Mostly “relive”, ie restream the version that went out live, at present, but trimmed recordings are usually out quickly.) https://media.ccc.de/c/rc3


Mon Dec 28 08:03:27 +0000 2020 (#)

TIL that Tom Jennings (who I know of from FidoNet many years back) also created the “work alike” PC BIOS that became the Phoenix BIOS for PC clones 😮

(Via @.doctorow talk at RC3.) https://www.eff.org/deeplinks/2019/08/ibm-pc-compatible-how-adversarial-interoperability-saved-pcs-monopolization https://en.wikipedia.org/wiki/Tom_Jennings https://media.ccc.de/v/rc3-11337-what_the_cyberoptimists_got_wrong_-_and_what_to_do_about_it


Mon Dec 28 08:09:14 +0000 2020 (#)

Replying to @ewenmcneill

In that same talk @.doctorow also quotes @tveastman (in abstract and video): "five websites, each filled with screenshots of text from the other four" (as per the screenshots attached here; ironically I think that quote is on many sites now :-) ) https://media.ccc.de/v/rc3-11337-what_the_cyberoptimists_got_wrong_-_and_what_to_do_about_it


Mon Dec 28 08:12:06 +0000 2020 (#)

Replying to @ewenmcneill

FTR on closer reading of the EFF article it looks like Tom Jennings did the BIOS reversing to create a specification which then allowed a clean room implementation. Not actually wrote the new BIOS software. (I’m still surprised it’s the same person in both contexts though!)


Mon Dec 28 23:53:35 +0000 2020 (#)

I finally realised that at least some of the Arabic spam I’ve been getting for ages is (a) delivered by Google Groups and (b) contains instructions to unsubscribe (via email) in the “footer”.

So I unsubscribed. (TBH I’d prefer if Google was a less willing spam relay :-/ )


Tue Dec 29 22:12:34 +0000 2020 (#)

RT @sommertothill: I think about this all the time. Age will render every single one of us less mobile, less strong, less pain-free and l…


Tue Dec 29 22:14:41 +0000 2020 (#)

RT @GregDavill: In case you've missed it. We're running a groupbuy for manufacturing the first batch of the ButterStick. A compact Lattice…


Tue Dec 29 22:37:46 +0000 2020 (#)

Replying to @SophiKravitz

Hopefully it’s an external pin on the component and you can run a direct wire as a replacement as others have said. It’s a common retro computer (ie old PCB) fix.

If it’s a pad for a BGA/CSP internal pin you probably need Bunnie to run the fly wire :-) https://mobile.twitter.com/bunniestudios/status/1111586205638918144


Tue Dec 29 22:44:02 +0000 2020 (#)

RT @sophywong: OMG SO GOOD Absolutely living for all this robot dancing joy!!! ❤️🤖💃🏻🕺 https://twitter.com/BostonDynamics/status/1343999009984307202


Tue Dec 29 22:49:21 +0000 2020 (#)

Replying to @sophywong

This ⬆️.

TBH this demo impresses me way more than the uneven ground ones. Dancing, especially to legit dance steps/beat involves a lot of fine control/adjustments of balance and weight distribution. Those dynamic balance feedback loops are amazing 💚


Wed Dec 30 23:56:37 +0000 2020 (#)

The “LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection” talk from RC3 has the production quality of a movie, with the technical detail of a security talk 😮 (It even had a teaser trailer on YouTube!) https://media.ccc.de/v/rc3-11365-lvi_hijacking_transient_execution_through_microarchitectural_load_value_injection https://youtu.be/baKHSXeIIaI


Thu Dec 31 01:22:05 +0000 2020 (#)

Replying to @pjf

Random thought: it’s a leap year. So we’re more than 365 days from the start of the year... 😂


Thu Dec 31 05:30:30 +0000 2020 (#)

Replying to @minxdragon

Having seen “War Games” and 2019 style Gender Reveals I’m now very concerned... how about a nice game of chess? ;-)


Thu Dec 31 05:49:10 +0000 2020 (#)

Replying to @yaakov_h, @developerjack and @pjf

The quote from Apple that this is expected behaviour stood out for me: ie in some locales Thursday is the pivot date for determining the “week”, and in other locales it’s Saturday. TIL.

Thanks for the research and writing it up!


Thu Dec 31 05:51:18 +0000 2020 (#)

Replying to @ewenmcneill

Payroll systems are the main use of “week years”. (Payroll is filled with weird boundary cases; one of my clients makes non-trivial money just rerunning holiday pay calculations for people :-) )

Week years are probably the wrong thing outside of that special use case... 🤔