Verifying my Micro.blog

Internet

From the Micro.blog verification page:

To verify your web site, add either a <link> tag in the <head> section of your HTML, or add an HTML <a href=""> that points to your Micro.blog account. Both of these should have the rel="me" attribute.

Micro.blog. Done and done!


FreeBSD.org using Let’s Encrypt

Internet

This is cool ^_^:

$ openssl s_client -connect freebsd.org:443
==> CONNECTED(00000005)
==> depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3

For the record:

$ openssl s_client -connect rubenerd.com:443
==> CONNECTED(00000005)
==> depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 

And a different kind of record:

$ openssl s_client -connect www.cdbaby.com:443
==> CONNECTED(00000005)
==> depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA

I shouldn’t attempt puns so early in the morning.


Headers

Media

I’ve had a few people ask what the headers on this site and my Twitter feed are. I assume you’re people, I’m not running a Turing Testificator on here.

My blog here has a 4-bit colour rendition of a tree in Sydney. Maybe it was growing up on DOS and Windows 3.x with gloriously dithered 256 colour palettes, but I love the aesthetic. It also has a filesize benefit, and it preserves its dithered crapulance when stretched to different screen sizes.

Twitter has a picture I took in the Café Break in the Namba Parks shopping centre in Osaka. Cafés are my favourite places in the world, and having one in Japan with all those plants and good coffee was something else. The gentleman sitting there reading was a nice touch too, especially considering the wide smile he gave Clara and I when we walked past.

My original idea was to cycle these every few weeks, like the late, great J-Walk Blog. You know who would remember that? Jim Kloss would remember that.


Songs with the word ceiling in their title

Media

According to my iTunes playlist started in 2001, I have the following songs titled with the word ceiling:

  • Dancing on the Ceiling, Lionel Richie
  • Everything’s a Ceiling, Death Cab for Cutie

Among the songs that don’t have the word ceiling:

  • The Bird is the Word, The Trashmen
  • Tiger in the Rain, Michael Franks

Friday Fanmail: Mark Waller

Internet

This photo of Peruvian salt mines by Diego Delso on Wikimedia Commons is of salt evaporation ponds in Peru, surprising though it may seem. Related to this with the utmost tenuousness, this week’s Friday Fanmail comes from someone purporting to be called Mark Waller.

Beautiful photo of salt evaporation pans in Peru, by Diego Delso

Wallers traditionally work in salt mines, and were responsible for initial drainage and raking of the aforementioned comestible. Mark is an addition to a surface made with an implement such as a pencil. We both learned something today.

This was the opening to his very, very long communiqué:

I didn’t want to cold call your business as we all find that annoying if we’re busy; instead I was hoping this email would make it possible to arrange a quick chat at your convenience?

I’d have hoped his cold calling aversion equally applied to emailing. The only people who should cold email are Icelandic security professionals. Get it? Because people in very cold places, emailing, would be…

Oh Ruben, you’ve still got it.


34th Street–Hudson Yards

Travel

The New York City Subway System was one of the most fascinating warrens Clara and I have explored. Fast, convenient, at times utterly offensive. Now we’ve been to Japan, we understand the nomenclature of “local” trains versus others, and have a newfound appreciation for the ease of using it!

One part we missed was the brand new 34th St–Hudson Yards station servicing the train. The pictures from the MTA look almost like Epping station in Sydney.


A diamond encrusted bass guitar

Media

I’d never heard of this late mining magnate’s daughter, or the fact she’d been wrestling with his estate for a greater share of her inheritance. But this was her wishlist, as quoted by Joanna Menagh for the ABC:

  • A crystal-studded Kuhn-Bosendorfer piano worth more than $1 million
  • A diamond-encrusted bass guitar worth $250,000
  • A home five times the Perth median price with “luxury furnishings”
  • $950 per week for food, alcohol and fine wine
  • $10,000 a year for handbags and fashion accessories
  • $300 a week for clothes
  • Two pairs of Tiffany and Co sunglasses each year
  • Pilates lessons until she is 97

How ridiculous, right!? HAHA! Social media was filled with more than a little schadenfreude when she lost $22 million on appeal, in light of the vapid extravagance of this list. Maybe I felt it a bit too.

A comfy new IKEA couch

I’m just happy I’m satisfied with mediocre things. Our new IKEA couch is awesome. Check out that photo, how unreasonably comfy does it look? Conversely, how hollow must it be to only derive joy or satisfaction from conspicuous consumerism on items valued more than the GDP of some countries?

But then I realised even my new couch isn’t mediocre compared to some families who have to decide between food and heating their homes, if they’re lucky enough to have one. I didn’t spend that money on essential charity, it went entirely to making Clara and I more comfortable. Isn’t that selfish?

Like many things, there’s a scale involved here, and I don’t feel like it’s my place to judge when I’m indulgent in my own ways too. Well okay, I judge her poor taste wanting a diamond encrusted bass guitar, but that’s it. That thing would be ugly as sin. Unlike my new couch, which is awesome.

Okay okay, I’m judging, fair cop. Would that be a freckled police officer?


FaceID

Hardware

I haven’t done a thinking out loud post for a long time, where I scrawl out my ideas in one continuous stream then revisit it later.

TouchID came in the iPhone 5, and unsurprisingly, I was skeptical. My principal concern was passwords can be changed, but your fingerprint can’t be. If your fingerprint data was leaked, any sufficiently motivated actor could access any current or future device you lock with this, and short of sandpaper there’s no way to revoke it.

I came around to it for the same reason we all did: convenience. I had been using the alphanumeric keypad to enter passwords on previous iPhones, and it was such a pain, I moved back to numbers. TouchID meant I could have a more secure input method for day to day use.

FaceID in the iPhone X is the next level up, and I’m not satisfied it’s mature enough. Within its first month of real world use, there are already reports of white hats fooling the system with face moulds, or with similar enough family members.

If this sounds like the arguments against TouchID, bear in mind your face is public to an extent your fingerprint is not. 3D facial reconstruction from 2D images is already old hat. Obtaining fingerprints surreptitiously and creating an analogue is possible, but arguably more complex.

Official art above is from How To Raise a Boring Girlfriend, which seemed oddly appropriate for this post.

We’re in the early days of attacks against FaceID, but they will only keep getting better. The next 12 months will be interesting to watch.

Meantime, I’m sure Apple is working on higher resolution cameras and other technical measures to thwart attacks like this. They already claim to scramble the order your face is scanned for each device. If a mobile phone manufacturer can pull off implementing a secure system, I trust Apple over anyone else based on their track record and motivations.

I also don’t entirely buy the line that FaceID only exists to remove a home button. Granted it was necessary for that new design, along with a regrettable shift to OLED, but it’s reasonable to assume they would have implemented this feature regardless. Apple has billed this as more convenient auth.

I guess it comes back to those two key words: “sufficiently motivated.”

You can be reasonably confident that any locking device on a phone already provides a sufficient barrier to entry for most people to bother, and chances are a stolen iPhone X is more valuable to immediately resell than to go through the process of breaking it for data mining. But for high profile targets, or those dealing with secure data, it’s something to keep in mind.


Using HTTPS Debian repos with Ansible

Annexe

This originally appeared on the Annexe.

If you use popular third-party Debian repos such as Sury, you need the apt-transport-https package first. If you use Ansible:

- name: Install dependencies
  apt:
    name: apt-transport-https
    state: present
- name: Install sury repo key
  apt_key:
    url: "https://packages.sury.org/php/apt.gpg"
    state: present
- name: Install sury repo
  apt_repository:
    repo: deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main
    update_cache: yes

And naturally you’re also filtering outbound firewall traffic too, because you’re competent. In which case, make sure you’re permitting https traffic too:

- name: Enable outbound https
  ufw:
    rule: allow
    direction: out
    port: https
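
A variant of the tasks above that trusts the Sury key for this one repository only, via signed-by, instead of adding it to apt's global keyring with apt_key (the apt-key tool that module wraps is deprecated in current Debian). This is an added example, not from the original post; the keyring directory and file names are assumptions, and it assumes apt.gpg is served as a binary (non-armored) keyring.

```yaml
# Added example: repo key scoped to the Sury repo with signed-by,
# rather than trusted for every repository on the host.

# The firewall rule goes first, because the key fetch below needs outbound 443.
- name: Enable outbound https
  ufw:
    rule: allow
    direction: out
    port: "443"
    proto: tcp

- name: Install dependencies
  apt:
    name:
      - apt-transport-https
      - ca-certificates            # CA bundle used to validate the HTTPS endpoints
    state: present

- name: Create keyring directory
  file:
    path: /etc/apt/keyrings        # assumed location
    state: directory
    mode: "0755"

- name: Fetch sury repo key over HTTPS
  get_url:
    url: "https://packages.sury.org/php/apt.gpg"
    dest: /etc/apt/keyrings/sury-php.gpg   # assumed file name
    mode: "0644"
    # Optionally pin the key file once you have verified it out of band:
    # checksum: "sha256:<digest you verified>"

- name: Install sury repo, trusting only that key for it
  apt_repository:
    repo: >-
      deb [signed-by=/etc/apt/keyrings/sury-php.gpg]
      https://packages.sury.org/php/ {{ ansible_distribution_release }} main
    filename: sury-php             # assumed file name
    update_cache: yes
```

With signed-by in place, a package signed by this key is only accepted when it comes from the Sury repository line, so the key cannot vouch for packages from any other source configured on the host.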

The Tupolev Tu-114

Hardware

I spent most of my early teens obsessed with the early jet age. The technology was fascinating, as too was seeing society react and adjust to almost the whole world being a day away for the first time in history. It was the same reason I was captivated by turn of the century ocean liners.

It’s so easy to be cynical about technology in 2017, but there’s no question it’s ushered in untold good when applied well.

Photo of an Aeroflot Tupolev Tu-114 with additional Japan Air Lines titles

Anyway, I thought I’d committed most of the famous airframes to memory, but somehow I’d missed the Tupolev Tu-114. That’s not a typo; the Tu-104 was the Soviet Union’s famous twin engine jetliner, but the Tu-114 is arguably the most sophisticated propliner of all time.

When you think of commercial propliners, you probably think of zipping between small airports in an ATR. The Tu-114 not only still holds the propliner speed record since its 1955 release, its swept wings, range, reliability, sleeping berths, and pressurised cabin had it competing almost neck-to-neck with the jetliners of its time.

Among its other interesting design attributes, its props were contra-rotating, meaning each prop had two sets of propellers that spun in opposing directions. Props are jet powered, as opposed to piston powered propellers of earlier generation planes. To accommodate the giant blades, the landing gear had to be built so high many airports didn’t have stairs that could reach the cabin doors!

There aren’t many surviving airframes, though Wikimedia Commons has a picture of one at the Central Air Force Museum, east of Moscow. Maybe I’ll be able to check it out one day.