Infosec Press

Reader

Read the latest posts from Infosec Press.

from rvyhvn

Being an anarchist is often misunderstood. Many people think it's about breaking all rules and creating chaos. Additionally, in my country even the mainstream media mistakenly say that vandalism equals anarchism. This makes me shake my head, as they don't understand what anarchism really is. I have been practising anarchist values in my immediate social circles: I contribute to education, I reject structural groups in college, especially for decision-making, and I educate people about abstaining from political participation, because no politician can truly be trusted. I often share my thoughts on social issues from an anarchist point of view. Like most anarchists, I believe in building a society aligned with anarchist values. But still, I don't want anarchism to be applied in our society yet, in any state. Why?

Too Extreme for People to Accept

Anarchism is seen as a “too far left” ideology: unlike socialism or communism, we reject hierarchical rulers. Everyone should be treated equally and all opinions should matter (as long as they're logically sound). But most countries today are run by conservatives who uphold capitalism, which is the complete opposite of anarchism. These governments are elected by conservative citizens, so the system and the people share the same ideology, which makes it harder to spread anarchist values. By definition, conservatism is a commitment to traditional values and ideas with opposition to change or innovation. Capitalism has been dominant for over a century. That's why people fear radical change, which leads to the next point.

Historical Failures of Leftist Ideas

The Soviet Union was once the biggest leftist state in the world and it collapsed. Many people now see that as proof that leftist ideologies don’t work. They say systems like socialism or anarchism are too utopian to survive in the real world. Because of that fear, anarchism is seen as unrealistic, even dangerous.

Anarchism Is Misunderstood

This ties into ignorance and media literacy. Many people think anarchism means “no rules”, i.e. total chaos, violence, people killing each other. That’s NOT what anarchism is. As I mentioned earlier, the media here even label May Day protests as “anarchic” just because of vandalism or people spray-painting walls. That’s not anarchism, that’s just destruction. These false narratives shape public misunderstanding.

Bad People Still Exist

This is the main reason I don't think anarchism can work right now. There are still people who will take advantage of others if laws don’t exist. Legal systems, even if flawed, can still restrain some bad behavior. But in a world without written laws? Those people would feel free to exploit, harm, or abuse others. It’s like saying morals come from religion. If religion disappears, would some people suddenly start robbing, raping, or killing? That’s the scary part.

People today still need to learn how to be decent human beings and open themselves to new perspectives. Only then can we start introducing anarchist values in a real, meaningful way.


from copies

via Jürgen Hubert – @juergen_hubert@mementomori.social

Not far from the village of Retzin, which lies about one and a half miles away from Penkun, there is a long, tall hill and beneath it lies a lake commonly known as the Leichensee (“corpse lake”). On the hill, which is now overgrown with shrubs, there used to be a bandits' castle, whose remains can be spotted now and then amidst the shrubbery. The whole hill is therefore still called the Burgwall (“castle wall”)[1]. The bandits who lived in the castle threw the corpses of those they slew into the lake, from which the lake derives its name. The murdered and the murderers are said to haunt the lake and its environs in some nights, and nobody likes to visit the area after dark. Another tale gives us more details: The Leichensee is in the middle of two spots where two castles used to stand, and where now the villages of Lökenitz and Ramin can be found. These two castles belonged to a villainous robber knight named Hans von Ramin. The river Randow, which flows through the lake, was traversable by ships in those days[2] and thus it was common for ships to pass through the lake. The knight with his bandits only waited for those moments, and he had constructed an ingenious contraption which aided him in capturing those ships. He had put down two chains across the lake which were about 50 feet apart, and which were about two inches above the water when they were stretched taut. Whenever he saw a ship approaching in the distance he and his bandits hid in the reeds at the shore of the lake and let the first chain slacken so that it would be below the surface of the water. But when the ship had passed over it, he pulled it taut again. And thus the ship was stuck between the two chains and could go neither backwards nor forwards, and he and his bandits swarmed over it, slaughtered the crew, and took all of its goods. The corpses were thrown into the lake, on the side of the long hill[3]. 
It frequently occurred that the bandits discovered a larger crew on the ship than they had anticipated. In these cases they rang a large bell, which they had hung up at the shore for this very purpose. Then reinforcements would arrive from both castles. This bell fell into the lake after the death of the knight. It remains there, and at noon on St. John's Day it is still possible to hear its ringing. Source: Temme, J. D. H. Die Volkssagen von Pommern und Rügen, 1840. P. 202-204.


from Grimoire

“Communication is the vital bridge between human minds – its absence gives birth to abysses of misunderstanding in which thoughts, feelings and intentions perish. How hard would it be for people to start sharing their worries and emotions more?”

To share is to open up, to unlock yourself, to give yourself away. Every small act of giving brings fear, which digs ever deeper into the shell of comfort and calm. On the other hand, the lack of an emotional connection with the world makes you vulnerable and prone to extremes.

Here is what Ursula K. Le Guin says about communication in The Wave in the Mind:

The ruling concept of communication as a mechanical model

Box A and box B are connected by a tube. Box A contains a unit of information. Box A is the transmitter, the sender. The tube is the way the information is transmitted – it is the medium. And box B is the receiver. They can alternate roles. The sender, box A, encodes the information in a way suited to the medium – in binary bits, or pixels, or words, or whatever, and transmits it through the medium to the receiver, box B, which receives and decodes it.

A and B can be regarded as machines, for example computers. They can also be regarded as minds. Or one may be a machine and the other a mind.

In most cases of people actually talking to one another, human communication cannot be reduced to information. The message not only involves, it is a relationship between the speaker and the listener. The medium in which the message is embedded is immensely complex, infinitely more than a code: it is a language, a function of a society, a culture, in which the language, the speaker and the listener are embedded.

In human conversation, in living, actual communication between or among human beings, everything “transmitted” – everything said – is shaped as it is spoken by an actual or anticipated response.

Live, face-to-face human communication is intersubjective. Intersubjectivity involves far more than the machine-mediated type of stimulus-response currently called “interactive”. It is not stimulus-response at all, nor a mechanical alternation of pre-coded sending and receiving. Intersubjectivity is mutual. It is a continuous exchange between two minds. Instead of an alternation of roles between box A and box B, between active subject and passive object, it is a continuous intersubjectivity that flows both ways all the time.

My personal model for intersubjectivity, or communication through speech, or conversation, is amoebas reproducing. As you know, amoebas usually reproduce by simply withdrawing quietly into a corner and splitting into two amoebas; but sometimes conditions suggest that a little genetic exchange might improve the local population, and two of them get together, literally, and reach out to each other and merge their pseudopodia into a little tube or channel that connects them.

fig 2

Then amoeba A and amoeba B exchange genetic “information”, that is, they literally give each other inner parts of their bodies, through a channel or bridge made of outer parts of their bodies. They spend quite some time sending parts of themselves back and forth, mutually responding to each other.

This is very much like how people join together and give each other parts of themselves – inner parts, mental rather than bodily parts – when they speak and listen.

Two amoebas joining in this way, or two people talking, form a community of two. People can also form communities of many, through the constant sending and receiving of parts of themselves and others – that is, through speaking and listening. Speaking and listening are ultimately the same thing.

Speech connects us so immediately and vitally because it is a physical, bodily process. If you mount two wall-clock pendulums side by side on a wall, they will gradually begin to swing together. They synchronize with each other by picking up the tiny vibrations each transmits through the wall.

Any two things that oscillate at approximately the same interval, if they are physically near each other, will gradually tend to “lock in” and pulse at exactly the same interval. Things are lazy. It takes less energy to pulse together than to pulse in opposition. Physicists call this beautiful, economical laziness mutual phase locking, or “entrainment”.

All living beings are oscillators. We vibrate. Amoeba or human, we pulse, move rhythmically, change rhythmically; we keep a beat. You can see it in the amoeba under a microscope, vibrating at frequencies on the atomic, molecular, subcellular and cellular levels. This constant, delicate, complex throbbing is the very process of life made visible.

We, enormous multicellular beings, have to coordinate millions of different oscillation frequencies and interactions between frequencies in our bodies and our environment. Most of the coordination is achieved by synchronizing the pulses, by bringing the beats into a master rhythm, by “entrainment”.

Like the two pendulums, though through more complex processes, two people together can mutually phase-lock. Successful human relationships involve entrainment – getting in sync. If it does not happen, the relationship is either uncomfortable or catastrophic.


Catastrophe occurs when party A or B is not disposed toward such an exchange and tries to break away from the connection with the tube, if it was ever put in place at all. This happens (perhaps) more easily in the 21st century, since mass culture supports closedness, niche-ness, division.

Divide et impera!

And yet, we cannot stop trying to talk to people, and we especially must take to heart the attempts (often synonymous with failures) to communicate with the more closed-off people too, who often have so much to say.



from Hyperscale Security

As a profession, cyber/information security has been telling itself that it is “risk-based”, but often fails to live up to that in practice. We see this from hyping threats because they're cool and make for a good conference talk, to having to make a market for a new Gartner product category.

We therefore often mistake the possible for the probable, and the PoC for a Production threat we have to invest to fix. Nowhere is this more extreme than in post quantum cryptography (PQC) and the false urgency of fixing it now, just in case.

Crypto Agility and PQC

Don't get me wrong. Crypto agility and PQC are good things. It is good to know which libraries in your code provide crypto functions so you can keep them up-to-date, whether for PQC or otherwise. That is not the debate. What I have trouble with is the urgency on a problem that everybody agrees isn't real yet. There are no working quantum computers. Estimates are 5 (optimistic) to 10 (more realistic) to 20 (maybe) years out. Are we still doing risk-based infosec if we're spending time and effort on a problem that realistically won't occur for years?

Are we, when most organizations can't even keep on top of known vulnerabilities or run an effective CSPM program? Between your phishing defense, ransomware resilience and XDR adoption, where does this rate?
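The one concrete recommendation in the section above is to know which libraries in your code provide crypto functions. What follows is an added example, not code from the post or from Hyperscale Security, of what such a crypto inventory can look like in Python: it reads a requirements-style manifest for version pins, scans source files for imports of crypto packages and for algorithm names, and separates the public-key families that Shor's algorithm breaks (the actual PQC migration targets) from symmetric primitives, which only need a size review. The sample files and manifest are constructed inline; CRYPTO_MODULES, PQ_AFFECTED and SYMMETRIC are this example's own tables, built from general knowledge of common Python packages, and should be extended for a real code base.

```python
import re
from typing import Dict, List

# Import roots that mean "this file does crypto", and the distribution shipping them.
CRYPTO_MODULES = {
    "Crypto": "pycryptodome",
    "cryptography": "cryptography",
    "OpenSSL": "pyOpenSSL",
    "nacl": "PyNaCl",
    "hashlib": "stdlib",
    "hmac": "stdlib",
    "ssl": "stdlib",
}

# Public-key families broken by Shor's algorithm: the PQC migration targets.
PQ_AFFECTED = {"RSA", "DSA", "ECDSA", "ECDH", "DH", "X25519", "ED25519"}
# Symmetric ciphers and hashes are not broken by Shor; only sizes need review.
SYMMETRIC = {"AES", "CHACHA20", "SHA1", "SHA256", "SHA384", "SHA512", "HMAC", "MD5"}

IMPORT_RE = re.compile(r"^\s*(?:from\s+([\w.]+)\s+import|import\s+([\w.]+))", re.M)
# Longest names first so e.g. ECDSA is tried before DSA; case-insensitive for hashlib.sha256
ALGO_RE = re.compile(
    r"\b(" + "|".join(sorted(PQ_AFFECTED | SYMMETRIC, key=len, reverse=True)) + r")\b", re.I
)


def parse_requirements(text: str) -> Dict[str, str]:
    """requirements.txt-style lines -> {distribution_lower: version_spec}; comments ignored."""
    pins: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"([A-Za-z0-9_.-]+)\s*([=<>!~]=?\s*[\w.*]+)?", line)
        if m:
            pins[m.group(1).lower()] = (m.group(2) or "").replace(" ", "")
    return pins


def scan_source(path: str, text: str, pins: Dict[str, str]) -> List[Dict[str, object]]:
    """One inventory row per crypto import in a file, tagged with the algorithms it names."""
    algos = sorted({token.upper() for token in ALGO_RE.findall(text)})
    rows: List[Dict[str, object]] = []
    for m in IMPORT_RE.finditer(text):
        root = (m.group(1) or m.group(2)).split(".")[0]
        dist = CRYPTO_MODULES.get(root)
        if dist is None:
            continue
        version = "n/a" if dist == "stdlib" else pins.get(dist.lower(), "unpinned")
        rows.append({
            "file": path, "module": root, "distribution": dist, "version": version,
            "pq_affected": [a for a in algos if a in PQ_AFFECTED],
            "symmetric": [a for a in algos if a in SYMMETRIC],
        })
    return rows


def build_inventory(files: Dict[str, str], requirements: str) -> List[Dict[str, object]]:
    """Whole-repo inventory; files maps path -> source text."""
    pins = parse_requirements(requirements)
    inventory: List[Dict[str, object]] = []
    for path, text in files.items():
        inventory.extend(scan_source(path, text, pins))
    return inventory


def pq_migration_targets(inventory: List[Dict[str, object]]) -> List[str]:
    """Files using a Shor-affected primitive: where a PQC plan would start."""
    return sorted({str(row["file"]) for row in inventory if row["pq_affected"]})


# Constructed sample manifest and sources (not from any real project).
SAMPLE_REQUIREMENTS = """
# constructed manifest
requests==2.31.0
pycryptodome==3.20.0
cryptography>=42.0
"""
SAMPLE_FILES = {
    "app/login.py": (
        "import hashlib\n"
        "from Crypto.Cipher import AES\n\n"
        "def digest(p):\n    return hashlib.sha256(p.encode()).hexdigest()\n"
    ),
    "app/transport.py": (
        "from cryptography.hazmat.primitives.asymmetric import rsa, x25519\n"
        "import ssl\n"
    ),
    "app/views.py": "import json\n",
}

if __name__ == "__main__":
    inventory = build_inventory(SAMPLE_FILES, SAMPLE_REQUIREMENTS)
    for row in inventory:
        print(row)
    print("PQC migration targets:", pq_migration_targets(inventory))
```

Run against a real tree, the output is the list the post says you should already have: which files depend on which crypto distribution at which version, and which of them would actually be touched by a PQC migration. Everything else on the list is ordinary dependency hygiene.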

“Harvest Now, Decrypt Later” isn't Real

“Oh, but adversaries could capture TLS traffic, store it till a later date and decrypt when quantum computers are viable”.

Yes. Theoretically. But TLS capture + storage for 10 years is not free – especially when you consider the volume of TLS traffic that runs across the internet continuously. Google Search gives me daily internet traffic volumes ranging from 33 exabytes to 0.4 zettabytes, which is quite the range, but enough to make it clear that this is “stupid scale”. Therefore, simply due to volume, any HNDL would have to be targeted. Unless you're a foreign government or critical industry, that almost certainly already puts you outside of danger.

But BGP Hijacks...

BGP hijacks do happen, where adversaries route vast traffic volumes through infrastructure they control. This is almost certainly to capture metadata, not to HNDL. Even after filtering, what is a snapshot of a few hours or days worth after a decade? At the very least you'd want a continuous stream.

BGP hijacks would be incredibly wasteful to adversaries – storing data in the hope a fragment of a conversation might one day prove useful.

What About Targeted Organizations or Journalists?

If you're a targeted organization, watch your XDR and network detection! If you're a journalist, use safe modes and reboot often, as surveillance tools targeting you are already on the market.

You're WRONG, I have Clearance and Know it Happens

Very good. And maybe it is, but that still doesn't mean it's a threat. Those adversaries may believe it and waste their time. And you should still start your crypto agility program if not already done, for reasons nothing to do with PQC. Either way, I am happy to admit I am wrong, if that proves to be the case a decade from now. I'll wear the badge “PQC, The One I Got Wrong”.

But I'll take those chances. At least as long as the front doors remain wide open in most of our organizations.


from Bruno's ramblings

One of the symptoms I hate the most in fibromyalgia is how it messes with my internal temperature perception. Whatever the season we're in, if I'm in pain, I'm sweating. If I do something that my body interprets as physical effort, I transform into a human sweat waterfall. Sometimes, things get even worse, and I feel so hot that I have trouble breathing.

Let me use today as an example. When I woke up, I brushed my teeth and then cleaned Chico's toilet. In a matter of seconds, my t-shirt was soaked in sweat, and my eyes were burning from the perspiration dripping from my forehead and into my eyes.

But it gets worse. Sometimes, I feel so hot that I have trouble breathing. And today was another example of that.

All of this because I woke up, got out of bed, brushed my teeth, and cleaned my cat's toilet. Just this.

There's an upside to this, though [I'm trying to look on the bright side of this, ok...]. Occasionally, before I start feeling the pain increasing, I start feeling crazy hot and sweating. This allows me to at least have a few moments to prepare myself for the upcoming pain increase. Those few moments can go from a few seconds to a few minutes, but never more than that, unfortunately.

Better than nothing, though 🤷.

Always look on the bright side of life

#ChronicPain #Fibromyalgia #Pain


from novaTopFlex

WriteFreely is very similar to and may be a sister project of WordPress. However, after following the Fediverse instances, regardless of potential issues, the truth is that there is no such WordPress.org-based server that supports external accounts thus far.


from Bruno's ramblings

My desktop on Ubuntu. As you can see, it's mostly default

I've been using Ubuntu daily for a few months. I was a bit afraid of having some major issue and having to try another distro before thinking about returning to Arch, but the balance is positive so far.

I admit there have been a few things that've annoyed me. Then again, I've had that on any OS I've used, so... yeah, computers... At least they're not printers, right?! 👀

✔️ The positives

I find the default GNOME experience on Ubuntu to be good. Back in the day, I enjoyed the hell out of Unity, and having a similar experience is nice. Of course, we're talking about GNOME here; extensions are necessary, but I didn't install that many, and some were only to improve the interface's bling (I like pretty things 🤷).

It's also nice to have a free tier for the Ubuntu Pro program. If, for whatever reason, I decide to stick with this version, I'll have 10 years of security updates (at the time of writing). The specifics are on the link above, so don't forget to check it out to know more about them.

When it comes to regular home users, Pro's free tier can be a nice thing to have. This way, they can slowly prepare the migration to a newer LTS and still stay reasonably secure. Well, to be honest, also because they don't tend to like changes, and keeping a stable environment for some time reduces the stress of computing for them.

This, of course, is also beneficial for self-hosters, for example. But it might not be for you, and that's fair, too. 🍻

Snaps have also improved quite a lot. You may find the occasional exception, but they have become quite performant compared to just a few years ago. Even the Steam snap has improved; however, it can take a little bit more time to launch than the native package when you have a lot of games installed and/or they take up a lot of disk space.

Another plus for the Steam snap is being able to change Mesa versions. There might be some games that require more recent versions than the included one, so this is a nice feature to have.

❌ The negatives

There's an issue with the Steam snap, where right-clicking on something to show a menu and then clicking on a menu entry just closes the menu and doesn't perform the action. This one can be annoying as hell sometimes! 💢

I do miss having some utilities I use already packaged or from a trusted enough source on the AUR, but I compiled them from source, and I keep tabs on new updates occasionally.

It's also a shame there is no official gamescope package, and you're left compiling it from source. I do think there are a few issues with that on the 24.04 LTS version, but I'm just remembering this as I type, so I might be misremembering.

I was also having the best KDE experience I've had in ~20 years with Plasma 6.x on Arch, but it's not packaged for Ubuntu 24.04. One time, I tried using a repo from Kubuntu or something, but I ended up borking the package and dependency lists, and couldn't remove the upgraded packages. 💀 I ended up reinstalling, which was faster than spending a day debugging dependency issues and force-installing some packages manually.

I had forgotten how PPAs can be a headache if you just YOLO it. 😅

👋 Conclusion

At least for now, I'm sticking with the latest stable LTS. When I switched, my goal was to have a system that doesn't change much over time and, in doing so, doesn't bother me every day to install a ton of updates. I also wanted something more reliable. While the verdict is yet to be reached on the latter, it has been reached on the former — most days, I only have flatpak updates.

I'll stick with Ubuntu LTS for a few more months, so I can safely say if it is what I'm looking for or if I need to find another distribution. Although I think I'll probably stick to it until the next LTS — unless I have a major issue with it —and then reevaluate it.

#Ubuntu #Linux #Arch #KDE #GNOME #Steam #Gaming #LinuxGaming #DesktopLinux


from Tom Tildavaan

I bought one so you don't have to. (Edit: at least until Eaton supports Matter over WiFi)

Eaton EWSW15

These devices connect to Azure IOT Platform. While I am sure Eaton has a great deal for that, it means that every time I turn the lights on or off, Azure gets paid a small amount of money.

The switch, while not multi-touch capable, will wait 0.5s before turning the load on or off.

In the event of a network connection disruption, when you are back online the switch will take ~5 minutes to become available in the app. There is no local control, even though the ESP32-C3-MINI1 (datasheet) module can do this. The unit is provisioned with WiFi credentials over Bluetooth, but other than that Bluetooth is not used.

And when you use schedules, the status LED does not correspond to the actual state of the switch.

I am still debating whether to give Schneider Electric Matter-over-WiFi a try, but the more I read the specs the more I become convinced that the Z-Wave network I already have is the best.

Edit: https://www.eaton.com/us/en-us/products/wiring-devices-connectivity/Matter.html suggests that at some point these WiFi devices will gain Matter support. If/when that happens, these switches, dimmers, and receptacles will become much more useful.


from Tom Tildavaan

In case you want more #IOT in your life, Eaton ships remotely actuated circuit breakers.

The breakers are provisioned using a “BlinkUp” system through your phone. You start the provisioning on your device, then hold your screen to the sensor on the circuit breaker; your screen blinks a number of times, sending the WiFi credentials to the device, and the latter then connects to the Electric Imp servers. Eaton is using impOS as the basis of their offering, and Electric Imp is adamant that they are secure.

Now, Eaton provides an API to these circuit breakers – https://api.em.eaton.com/docs – but there is no true local access: there is apparently a way to get local control, but your device must phone home weekly to receive the configuration that would allow you to talk to it locally.


from Tom Tildavaan

As I was writing this I decided to scan GitHub for the URLs I found so far, and, well, people smarter than me have already written a home_assistant integration against #SEW, but it is a bit different from what I saw in the field:

I'd still like to describe how to locate the endpoints and the login process, so here we go...

This is the second post about the #SEW SCM API (Smart Customer Mobile API by Smart Energy Water); this time we will learn about the different APIs using real-world utility websites.

It appears that there are at least two different API “flavors”. One uses the ModuleName.svc/MethodNameMob naming convention and usually resides under the PortalService endpoint; the newer one lives under /API/.

For example, Nebraska Public Power District has endpoints under https://onlineaccount.nppd.com/PortalService/, such as https://onlineaccount.nppd.com/PortalService/UserLogin.svc/help. Rochester Public Utilities runs a different set of endpoints, with the root at https://connectwith.rpu.com/api.

The endpoints for the latter API can also be browsed at https://scmcx.smartcmobile.com/API/Help/.

Different utilities pay for different sets of modules; here are some of the modules I have discovered so far:

  • AdminBilling
  • CompareSpending
  • ConnectMe
  • EnergyEfficiency
  • Generation
  • Notifications
  • Outage
  • PaymentGateway
  • Usage
  • UserAccount
  • UserLogin

For /PortalService/ endpoints you can visit BASE_URL + /PortalService/ + ModuleName + .svc + /help to get the list of RPC calls you can issue. To find out what to send in the requests, you need to look at the calls the apps make for your utility. Note that some utilities opted out of the AES/CBC/PKCS5Padding PasswordPassword encryption, so let's hope this becomes the trend. Currently SEW web portals talk to a completely different set of APIs to populate the interface, even though they are querying the same thing.

So to start, here's how to log in to your favorite utility:

from typing import Mapping, Any

import base64
import hashlib
import requests
import urllib.parse

from Crypto.Cipher import AES  # pycryptodome

BASE_URL = "https://example.com/PortalService"


def _encrypt_query(
    params: Mapping[str, str], encryption_key: str = "PasswordPassword"
) -> str:
    """Encrypt with AES/CBC/PKCS5Padding.

    The app uses the same 16-character constant as both key and IV;
    pycryptodome needs both as bytes, not str.
    """
    key = encryption_key.encode()
    cipher = AES.new(key, AES.MODE_CBC, iv=key)

    cleartext = urllib.parse.urlencode(params).encode()

    # PKCS5 Padding - https://www.rfc-editor.org/rfc/rfc8018#appendix-B.2.5
    padding_length = 16 - len(cleartext) % 16
    cleartext += padding_length * chr(padding_length).encode()

    return base64.b64encode(cipher.encrypt(cleartext)).decode("ascii")


def request(module: str, method: str, data: Mapping[str, Any]) -> Mapping[str, Any]:
    """POST one RPC call; the body carries the encrypted query as EncQuery."""
    enc_query = _encrypt_query(data)
    # Or module + '.svc/' for the PortalService flavor
    url = BASE_URL + "/" + module + "/" + method

    resp = requests.post(url, json={"EncType": "A", "EncQuery": enc_query})
    resp.raise_for_status()  # non-2xx responses raise requests.HTTPError
    return resp.json()


# The API expects the SHA-256 hex digest of the password, not the password itself
password_digest = hashlib.sha256("PASSWORD".encode()).hexdigest()
# Or ValidateUserLoginMob
response = request(
    "UserLogin",
    "ValidateUserLogin",
    {"UserId": "USERNAME", "Password": password_digest},
)
print(response)

The response will contain an object; you will need its LoginToken and AccountNumber to proceed with most of the other calls.

It's a bit awkward that different utilities have different endpoints, which makes creating a universal client challenging, so for now I am researching ways to get info from the Usage module. The parameters are weird (“type”: “MI”, or “HourlyType”: “H”), but we will get there.
