activistPnk

RFC 6350 has a “Security Properties” section which only has a “KEY” field. Public keys tend to be huge; likely too big for a Vcard that will then be encoded as a QR code that needs to fit on a business card. Also too big for a Vcard that would be SMS-transmitted. And it does not take much to throw LaTeX’s QR code package out of bounds:

ERROR: TeX capacity exceeded, sorry [main memory size=5000000]

It would be far more sensible in most cases to include a fingerprint of a public key, which is just a reasonably short hash of the key. But strangely, RFC 6350 seems to only define a field for whole keys. I thought surely I must be missing something. But indeed it’s an oversight. Someone else noticed the problem as well:

https://www.av8n.com/computer/htm/distributing-keys.htm

A fingerprint can probably be stuffed ad hoc into the NOTES field. But without structure it’s not so easy for the person importing the Vcard.

John Denker proposes a reasonable hack for PGP users. But is there nothing for OMEMO fingerprints that an app like #Snikket can make easy use of?

Update

Apparently there is a URI standard format for specifying an OMEMO fingerprint which resembles something like this:

xmpp:[email protected]?omemo-sid-123456789=A1B2C3D4E5F6G7H8I9…

So although there is no vcard integration, there is at least a way to do a separate QR code.

I have 3 fingerprints (one for each XMPP device) and it would not be ideal to have 3 separate QR codes. This vague bug report seems to suggest multiple fingerprints can be concatinated in a single record.. or is the author requesting that?

The command xmppc -m omemo generates URIs, but it produces a separate record for each fingerprint.

Sometimes a gmail user sends me an email. I object to that. In principle, I need be able to tell Google that I do not consent to them processing my personal data whatsoever.

If one of their users addresses an email to one of my email addresses, I do not want Google to store the message or even transmit it. They must refuse to handle my personal data, and thus refuse to process email traffic involving my email address.

I believe this falls under GDPR Art.18 or 21. But the question is, how can I submit my GDPR request to Google? I can write them a letter but I do not want Google to get my address. I don’t even want Google to know my name. The only thing I want Google to know is my email address, so that Google’s mail servers can refuse mail to that address. But the mere act of submitting a GDPR request inherently requires data subjects to prove their identity to data controllers.

cross-posted from: https://slrpnk.net/post/21637924

A box of really old TomToms (softball sized) appeared at a street market a year ago, two for a dollar. I doubt anyone was interested in any and I doubt the seller would bother to return with them. They were probably be wasted.

In principle, old TomToms could be used to feed a smartphone. If you use a smartphone for navigation, these components compete to suck the battery dry:

• the color LCD
• GPS radio receiver
• WiFi¹
• GSM¹

(1) only applies to Google boot-lickers who enable location tracking in order to avoid the wait to acquire satellites.

The GPS is a significant drain because it’s heavy on non-stop calculations, which generates heat (wasted energy), and the heat itself hits the battery even harder.

We can do better. TomToms with bluetooth tend to suppot NMEA (I think). So the old TomTom w/outdated maps could be used purely to get a fix using its own battery supply, which it then transmits over bluetooth. So you toss TT in your backpack. Disable the GPS on your smartphone and enable bluetooth. Bluetooth is like 1 tenth the energy consumption of GPS. Then you enable mock GPS in advanced settings and run a FOSS bluetooth app that serves as middleware to feed the mock location.

The problem: OSMand and Organic Maps are both incapable of using mock GPS locations. And even if they add the capability, it would only be in their recent version which has already left behind older phones. (edit: well Organic Maps is not that bad… their latest version supports AOS 5)

Refusing to support Google means using airplane mode with location svcs off and being wholly dependent on GPS. And for whatever reason it takes me around 20—30 min to get a fix despite being in a large major city; every time. This must make Google happy. The old TomToms were faster at getting a fix. IIRC, they would take 20—30″ only the first time but quickly got a fix after subsequent power cycles in the same area thereafter.

Smartphones have the sensors to do inertial nav if you calibrate a starting point. But the apps don’t have their shit together yet. I vaguely a recall a FOSS app doing inertial nav, but not too useful if it results in a mock location that OSMand cannot handle.

As I was passing through Amsterdam, OSM lied to me several times. I don’t have the tools and means to correct the maps for various complex reasons starting with not having a good Internet connection, but really an Amsterdam local should get involved anyway because I’m not sure of all these problems.

Misinfo:

• Brouwerij Troost (52.36616°N, 4.87318°E) ← shutdown
• Manamana (52.35410°N, 4.89033°E) ← apparently shutdown; someone should verify
• Hecke Electronica (52.35243°N, 4.88725°E) ← shutdown; owner retired. It should be updated to say “/Formerly/ Hecke Electronica” until something replaces it
• Flower Burger (52.37226°N, 4.88566°E) ← replaced with a /cashless/ croissant shop.
• CT Coffee & Coconuts (52.35267°N, 4.89150°E) ← replaced with another similar shop. Not sure if other Coffee & Coconuts locations closed or just this one.

Missing info:

• Bierfabriek Amsterdam (52.37007°N, 4.89375°E) ← cashless¹!
• Brouwerij De Engel (52.37007°N, 4.89375°E) ← building is rightfully unnamed since the brewery was only there a couple years before bankruptcy. It should be updated to say “/Formerly/ Brouwerij De Engel” so people actually know the brewery is no longer there, until something else is established there.

¹ When a cashless merchant sells alcohol, it’s a trap and an injustice. Having records of alcohol consumption stupid and reckless because it denies consumers their GDPR Art.5 right to data minimisation. And it has consquences. E.g. a scandinavian home buyer was denied a loan because the bank discovered he bought alcohol regularly. Anyway, there will always be dumb consumers who pay for alcohol electronically, but in the very least OSM should mark cashless bars as cashless so wise consumers can easily avoid them. I walked out of my way to visit Bierfabriek only to discover they were cashless. Unlike other cashless bars, they were at least diligent about posting it.

IBM Thinkpads have a cult following in part due to not just a good design out of the gate, but the fact that the original designer refused to bend to pressure to change the design every year. The parts are interchangable to large extent between models spanning what, 3—5 years? The guy was under constant pressure; was told to give consumers something fresh by changing up the design. Luckily wisdom prevailed and he disregarded such reckless advice by responding with the mantra: ”if it ain’t broke, don’t fix it!”

I’m happy to buy Thinkpads over 15 years old, often sold for ~$10 on the street, because if something is broken or breaks it can still be used for parts to fix other models of Thinkpads from roughly the same decade.

Lenovo acquired Thinkpad from IBM and gradually fucked it up around the T410 or T450 models as they gave in to the demand of consumers giving a shit about shaving off every gram of weight possible at the expense of ditching rugged rollcages and ditching features like optical drives. Watch some videos of people trying to simply remove a keyboard from a T450 to see what I mean.

Whirlpool also has a reputation for not radically changing the design of internal components. I called a repair shop over a washer or tumble dryer that was like 15 or 20 years old. They said at that age, if it’s not Whirlpool they won’t even show up because when the parts change every year then spare parts quickly become unavailable (of course before people start needing the spare parts). They said Whirlpool is an exception because the same parts will be used for a decade or more, which then justifies the business of making spare parts for a prolonged time (I imagine as well the aftermarket likely thrives too).

Grain of salt though because I heard Whirlpool doesn’t always put their label on their own products and Whirlpools also end up getting labeled as Sears Kenmore. If Whirlpool rebadges something else as Whirlpool, how could the design have consistency w/other Whirlpool machines? Anyway, it was just an example and possibly flawed based on one repair shop’s opinion.

The problem -- no metrics

This is all just tribal knowledge propagated ad hoc by word of mouth. The masses don’t generally know this shit and probably most of them don’t care. I think Whirlpool and Thinkpad were not even diligent enough to advertise it. Maybe they did not even know in advance they would have design consistency over the years. Perhaps if they advertise: ”uses the same motor as previous 6 models”, they would fear that it would chase away foolish consumers who would regard that as ”old”, unevolved, or non-innovative. Those same stupid consumers who are brainwashed to chase “latest and greatest” are why we face so much unrepairable garbage on the market.

Since no one tracks design stability/consistency over time (not even Consumer Reports or similar orgs), there is no incentive for manufacturers to try to satisfy the unknown & unmeasured demand that no one is looking at.

cross-posted from: https://slrpnk.net/post/21474523

Youtube was originally a match-making/dating site. Sadly it expanded beyond that into a technofeudal fiefdom that takes 45% of ad revenue from contributors. YouTube has amassed a rich collection of repair videos, both general repair and specific repairs to specific problems on particular appliances. It guts me that a protectionist unethical surveillance advertiser has exclusive control over repair information that they have jailed, restricted access to, and held hostage from all but their boot-licking pawns (3 billion of them). Google has recently locked down the platform to prevent the Tor network for fetching the content while also going around with a stick to swat the Invidious nodes that make fetching videos possible.

Google’s assault on user freedoms has ensured (for example) that I cannot go to the library (which has an uncapped Internet connection) and download videos covering how to repair my appliances so that I can go home and play them while repairing, as many times as needed. Google expects me to either drag my whole washing machine into the public library, or to memorize the steps. Try memorizing the steps to fix a Canon paper feeder. It’s probably 100 or so steps; so many steps that there is even a separate re-assembly video.

It is unreasonable to demand that repairers:

• have an uncapped internet connection at home
• watch copious commercial ads (some of us are ethically opposed to advertising)
• support Google (we should have a right to boycott companies that were fined $170 million for collecting data non-consentually and exercising that right should not block repair when repair is in the public interest to avoid e-waste)

What is the fix here? Libraries are blocked by copyright that is designed to feed Google’s greed for ad revenue. Even if we could ask local govs to declare Google’s copyright on repair videos unenforcable, the videos still need to be obtained.

I think we need to invent a tech solution. Such as an app that combines the concept of bittorrent with a YouTube API whereby every peer who manages to access a video seeds it as a torrent and also grabs the transcript in a text file.

Any ideas what could reasonably be asked of a local gov to address this problem? In principle, it should involve public libraries because Google has ruined the service of the public library in this regard.

cross-posted from: https://slrpnk.net/post/21474519

Not sure if a local gov could get away with this. Is it sensible to ask the local gov take formal actions to declare copyright as unenforcable on things like service manuals and wiring diagrams, which product makers protect almost like trade secrets? It’s not likely enforced anyway, but a formal step would be needed before leaked service manuals could be distributed by public libraries.

In the EU, manufacturers must share repair docs with third-party /insured/ repair professionals (not consumers) for some specific products like washing machines.

Using a stick

Would it be sensible for a local law to require those professionals who have privileged access to repair docs to share whatever they obtain in the course of their work with a public library?

using a carrot

Would it be sensible for a policy to compensate professionals who have privileged access to repair docs for sharing whatever they obtain in the course of their work with a public library? It could be abused. E.g. an appliance repair shop could submit multiple wiring diagrams for the same product as separate submissions if they are (e.g.) paid $/€ 50 per submission.

If the carrot and stick are both used, repair pros could get 50 for the first submitted doc for each model, but then have a mandate to supply any additional docs they receive for that model without further compensation. Maybe that’s too detailed for a petition.

Right to repair laws are very slowly emerging at state, national, and international (EU) levels -- to a paltry and nearly useless extent, I must say.

The question is, what can be done by regional/local governments who seem to just be passively sitting on this? What should we petition for locally, as the state/national/intl efforts continue to be a shit show? Small local govs would not likely have the power or influence to twist the arms of product makers. But it seems we should be demanding they do something.

My brainstorm so far, captured as a link farm:

• enhance repair cafés
• provide free repair training
• provide access to repair tools
• write a piracy exception into law for service manuals and wiring diagrams
• take a jab at Google’s gatekeeping of repair videos - how?
• make junk yards public access by mandate
• implement a public DB that tracks appliance disposal and sends notifications to repairers
• implement a public DB that tracks instances where manufacturers refuse to disclose docs
• somehow stop the pratice of charging as much to merely look at a broken machine as to replace it

Tl;dr: deliver snail-mail by hand

Most corporations and gov agencies have outsourced email service to a highly unethical corporation (Microsoft). Every time you send an email to a recipient who uses MS for email service, you feed profitable data to a surveillance advertiser who snoops on email payloads for profit. You also reveal to the recipient your email address which they can use to feed profitable data to the surveillance advertiser beyond your control for an indefinite time.

It’s baffling how many people think this is a good idea.

As a Microsoft boycotter, I have naturally reverted back to old-fashioned snail mail. If the recipient is in my city, I personally hand-deliver the letter to their mailbox. Costs me nearly nothing. The recipient who is typically a gov agency or corporation is generally forced to respond using the national postal service (as I withhold email addresses from the correspondence). And rightfully so. It’s an extra perk that they pay a built-in postage penalty for poorly choosing their email provider.

This has been working well for me¹. I spend nothing if the recipient is in cycling range, and the recipient helps fund the national postal service when they respond using an option that is increasingly under the threat of mass digitization by privacy adversaries (MS and Google). Case in point: Denmark ends postal service this year, so it’s already too late there.

To verify whether the recipient’s email traverses a surveillance advertiser:

torsocks dig @8.20.247.20 -t mx -q "$domain" +noclass +nocomments +nostats +short +tcp +nosearch

where $domain is the domain portion of their email address. This command will check whether their vanity address is Microsoft or Google in disguise -- which is usually the case. It will usually output “yada yada outlook yada yada” to indicate Microsoft.

If you live remotely, can’t cycle, etc, then stop being cheap and buy stamps. They are cheaper than your Internet subscription which leaves you feeding surveillance advertisers.

¹ Exceptionally, one recipient went to the trouble of collecting my email address from a 3rd party without my consent in order to respond to my snail mail via email hosted by their surveillance advertiser. They naturally received an instant GDPR Article 17 request to erase my email address at that point along with a notice that they violated Article 5 (data minimisation).

The background is here. In short, an SSD with the “Apacer” brand froze itself into read-only mode, presumably due to reaching a point of poor reliability.

The data on the drive is useless. It was part way through installing linux when it happened. I would like to reverse that switch to make one last write operation (to write a live linux distro), which thereafter can be read-only.

I have heard some speculation that the manufacturer uses password to impose read-only mode. If true, then the password would be in the drive’s firmware. Does anyone know what Apacer uses for this password?