activistPnk

RFC 6350 has a “Security Properties” section which only has a “KEY” field. Public keys tend to be huge; likely too big for a Vcard that will then be encoded as a QR code that needs to fit on a business card. Also too big for a Vcard that would be SMS-transmitted. And it does not take much to throw LaTeX’s QR code package out of bounds:

ERROR: TeX capacity exceeded, sorry [main memory size=5000000]

It would be far more sensible in most cases to include a fingerprint of a public key, which is just a reasonably short hash of the key. But strangely, RFC 6350 seems to only define a field for whole keys. I thought surely I must be missing something. But indeed it’s an oversight. Someone else noticed the problem as well:

https://www.av8n.com/computer/htm/distributing-keys.htm

A fingerprint can probably be stuffed ad hoc into the NOTES field. But without structure it’s not so easy for the person importing the Vcard.

John Denker proposes a reasonable hack for PGP users. But is there nothing for OMEMO fingerprints that an app like #Snikket can make easy use of?

Update

Apparently there is a URI standard format for specifying an OMEMO fingerprint which resembles something like this:

xmpp:user@domain.org?omemo-sid-123456789=A1B2C3D4E5F6G7H8I9…

So although there is no vcard integration, there is at least a way to do a separate QR code.

I have 3 fingerprints (one for each XMPP device) and it would not be ideal to have 3 separate QR codes. This vague bug report seems to suggest multiple fingerprints can be concatinated in a single record.. or is the author requesting that?

The command xmppc -m omemo generates URIs, but it produces a separate record for each fingerprint.

A box of really old TomToms (softball sized) appeared at a street market a year ago, two for a dollar. I doubt anyone was interested in any and I doubt the seller would bother to return with them. They were probably be wasted.

In principle, old TomToms could be used to feed a smartphone. If you use a smartphone for navigation, these components compete to suck the battery dry:

• the color LCD
• GPS radio receiver
• WiFi¹
• GSM¹

(1) only applies to Google boot-lickers who enable location tracking in order to avoid the wait to acquire satellites.

The GPS is a significant drain because it’s heavy on non-stop calculations, which generates heat (wasted energy), and the heat itself hits the battery even harder.

We can do better. TomToms with bluetooth tend to suppot NMEA (I think). So the old TomTom w/outdated maps could be used purely to get a fix using its own battery supply, which it then transmits over bluetooth. So you toss TT in your backpack. Disable the GPS on your smartphone and enable bluetooth. Bluetooth is like 1 tenth the energy consumption of GPS. Then you enable mock GPS in advanced settings and run a FOSS bluetooth app that serves as middleware to feed the mock location.

The problem: OSMand and Organic Maps are both incapable of using mock GPS locations. And even if they add the capability, it would only be in their recent version which has already left behind older phones. (edit: well Organic Maps is not that bad… their latest version supports AOS 5)

Refusing to support Google means using airplane mode with location svcs off and being wholly dependent on GPS. And for whatever reason it takes me around 20—30 min to get a fix despite being in a large major city; every time. This must make Google happy. The old TomToms were faster at getting a fix. IIRC, they would take 20—30″ only the first time but quickly got a fix after subsequent power cycles in the same area thereafter.

Smartphones have the sensors to do inertial nav if you calibrate a starting point. But the apps don’t have their shit together yet. I vaguely a recall a FOSS app doing inertial nav, but not too useful if it results in a mock location that OSMand cannot handle.

IBM Thinkpads have a cult following in part due to not just a good design out of the gate, but the fact that the original designer refused to bend to pressure to change the design every year. The parts are interchangable to large extent between models spanning what, 3—5 years? The guy was under constant pressure; was told to give consumers something fresh by changing up the design. Luckily wisdom prevailed and he disregarded such reckless advice by responding with the mantra: ”if it ain’t broke, don’t fix it!”

I’m happy to buy Thinkpads over 15 years old, often sold for ~$10 on the street, because if something is broken or breaks it can still be used for parts to fix other models of Thinkpads from roughly the same decade.

Lenovo acquired Thinkpad from IBM and gradually fucked it up around the T410 or T450 models as they gave in to the demand of consumers giving a shit about shaving off every gram of weight possible at the expense of ditching rugged rollcages and ditching features like optical drives. Watch some videos of people trying to simply remove a keyboard from a T450 to see what I mean.

Whirlpool also has a reputation for not radically changing the design of internal components. I called a repair shop over a washer or tumble dryer that was like 15 or 20 years old. They said at that age, if it’s not Whirlpool they won’t even show up because when the parts change every year then spare parts quickly become unavailable (of course before people start needing the spare parts). They said Whirlpool is an exception because the same parts will be used for a decade or more, which then justifies the business of making spare parts for a prolonged time (I imagine as well the aftermarket likely thrives too).

Grain of salt though because I heard Whirlpool doesn’t always put their label on their own products and Whirlpools also end up getting labeled as Sears Kenmore. If Whirlpool rebadges something else as Whirlpool, how could the design have consistency w/other Whirlpool machines? Anyway, it was just an example and possibly flawed based on one repair shop’s opinion.

The problem -- no metrics

This is all just tribal knowledge propagated ad hoc by word of mouth. The masses don’t generally know this shit and probably most of them don’t care. I think Whirlpool and Thinkpad were not even diligent enough to advertise it. Maybe they did not even know in advance they would have design consistency over the years. Perhaps if they advertise: ”uses the same motor as previous 6 models”, they would fear that it would chase away foolish consumers who would regard that as ”old”, unevolved, or non-innovative. Those same stupid consumers who are brainwashed to chase “latest and greatest” are why we face so much unrepairable garbage on the market.

Since no one tracks design stability/consistency over time (not even Consumer Reports or similar orgs), there is no incentive for manufacturers to try to satisfy the unknown & unmeasured demand that no one is looking at.

cross-posted from: https://slrpnk.net/post/21474120

Tl;dr: deliver snail-mail by hand

Most corporations and gov agencies have outsourced email service to a highly unethical corporation (Microsoft). Every time you send an email to a recipient who uses MS for email service, you feed profitable data to a surveillance advertiser who snoops on email payloads for profit. You also reveal to the recipient your email address which they can use to feed profitable data to the surveillance advertiser beyond your control for an indefinite time.

It’s baffling how many people think this is a good idea.

As a Microsoft boycotter, I have naturally reverted back to old-fashioned snail mail. If the recipient is in my city, I personally hand-deliver the letter to their mailbox. Costs me nearly nothing. The recipient who is typically a gov agency or corporation is generally forced to respond using the national postal service (as I withhold email addresses from the correspondence). And rightfully so. It’s an extra perk that they pay a built-in postage penalty for poorly choosing their email provider.

This has been working well for me¹. I spend nothing if the recipient is in cycling range, and the recipient helps fund the national postal service when they respond using an option that is increasingly under the threat of mass digitization by privacy adversaries (MS and Google). Case in point: Denmark ends postal service this year, so it’s already too late there.

To verify whether the recipient’s email traverses a surveillance advertiser:

torsocks dig @8.20.247.20 -t mx -q "$domain" +noclass +nocomments +nostats +short +tcp +nosearch

where $domain is the domain portion of their email address. This command will check whether their vanity address is Microsoft or Google in disguise -- which is usually the case. It will usually output “yada yada outlook yada yada” to indicate Microsoft.

If you live remotely, can’t cycle, etc, then stop being cheap and buy stamps. They are cheaper than your Internet subscription which leaves you feeding surveillance advertisers.

¹ Exceptionally, one recipient went to the trouble of collecting my email address from a 3rd party without my consent in order to respond to my snail mail via email hosted by their surveillance advertiser. They naturally received an instant GDPR Article 17 request to erase my email address at that point along with a notice that they violated Article 5 (data minimisation).

cross-posted from: https://slrpnk.net/post/21474632

All my local junkyards accept e-waste but they bounce anyone who shows up with a screwdriver. Once a machine is dumped, it becomes the property of the junkyard who sees repairers who remove stuff as a threat to their bottom line, which comes from the melt value of the metals. I cannot even pay for the parts even if I wanted. I have been kicked out of junkyards enough times that the whole staff recognises me now. It’s really fucked up that the shitty melt value of the metals is prioritised above consumers will to repair.

The disposal chain goes like this:

1. consumer dumps appliance waste (sometimes straight to the dump, sometimes to an org in step 2)
2. some org that decides if the thing is broken or not
3. if it works → goes to a charity to resell
4. if reparable → goes to a charity to fix and resell
5. if “non-repairable” → broken down for proper disposal

That last step uses scare quotes because they are piled under such an unsurmountable stock pile of disposed appliances that only trivially repairable things get repaired. Countless things that are either repairable or good for parts get destroyed. I suspect there is a blanket assumption that inkjet printers are never regarded as repairable.

The idea of repurposing is completely absent from this process. E.g. they would never remove a broken LCD panel from a flat screen device and use it to make a lightbox / table for a stained glass artist or photographer who looks at slides.

Step 5 needs a mod. Everything not put through the charity should go to a weather-protected staging area where the general public can walk through and take what they want. Every item should be there for at least a week or two before breakdown.

Freeloaders might use such a mechanism to grab things with a high melt value. But I’m not sure a petition to the city needs to address that -- it’s the city’s problem to solve.

cross-posted from: https://slrpnk.net/post/21474636

If I have a Whirlpool machine model XYZ, broken or not I should be able to add a record to a DB that says notify me if a machine of that model is disposed of so I can pick it up for parts or come and just remove a part that I need.

Yes, this means staff in the e-waste disposal services would need to look up the model of every item disposed to see if a repairer wants to be contacted. Is that too much to ask?

cross-posted from: https://slrpnk.net/post/21474519

Not sure if a local gov could get away with this. Is it sensible to ask the local gov take formal actions to declare copyright as unenforcable on things like service manuals and wiring diagrams, which product makers protect almost like trade secrets? It’s not likely enforced anyway, but a formal step would be needed before leaked service manuals could be distributed by public libraries.

In the EU, manufacturers must share repair docs with third-party /insured/ repair professionals (not consumers) for some specific products like washing machines.

Using a stick

Would it be sensible for a local law to require those professionals who have privileged access to repair docs to share whatever they obtain in the course of their work with a public library?

using a carrot

Would it be sensible for a policy to compensate professionals who have privileged access to repair docs for sharing whatever they obtain in the course of their work with a public library? It could be abused. E.g. an appliance repair shop could submit multiple wiring diagrams for the same product as separate submissions if they are (e.g.) paid $/€ 50 per submission.

If the carrot and stick are both used, repair pros could get 50 for the first submitted doc for each model, but then have a mandate to supply any additional docs they receive for that model without further compensation. Maybe that’s too detailed for a petition.

Tl;dr: deliver snail-mail by hand

Most corporations and gov agencies have outsourced email service to a highly unethical corporation (Microsoft). Every time you send an email to a recipient who uses MS for email service, you feed profitable data to a surveillance advertiser who snoops on email payloads for profit. You also reveal to the recipient your email address which they can use to feed profitable data to the surveillance advertiser beyond your control for an indefinite time.

It’s baffling how many people think this is a good idea.

As a Microsoft boycotter, I have naturally reverted back to old-fashioned snail mail. If the recipient is in my city, I personally hand-deliver the letter to their mailbox. Costs me nearly nothing. The recipient who is typically a gov agency or corporation is generally forced to respond using the national postal service (as I withhold email addresses from the correspondence). And rightfully so. It’s an extra perk that they pay a built-in postage penalty for poorly choosing their email provider.

This has been working well for me¹. I spend nothing if the recipient is in cycling range, and the recipient helps fund the national postal service when they respond using an option that is increasingly under the threat of mass digitization by privacy adversaries (MS and Google). Case in point: Denmark ends postal service this year, so it’s already too late there.

To verify whether the recipient’s email traverses a surveillance advertiser:

torsocks dig @8.20.247.20 -t mx -q "$domain" +noclass +nocomments +nostats +short +tcp +nosearch

where $domain is the domain portion of their email address. This command will check whether their vanity address is Microsoft or Google in disguise -- which is usually the case. It will usually output “yada yada outlook yada yada” to indicate Microsoft.

If you live remotely, can’t cycle, etc, then stop being cheap and buy stamps. They are cheaper than your Internet subscription which leaves you feeding surveillance advertisers.

¹ Exceptionally, one recipient went to the trouble of collecting my email address from a 3rd party without my consent in order to respond to my snail mail via email hosted by their surveillance advertiser. They naturally received an instant GDPR Article 17 request to erase my email address at that point along with a notice that they violated Article 5 (data minimisation).

There are job postings lately for hacking and reverse engineering embedded systems, particularly from defense contractors. I suppose they would be doing things like capturing and hacking enemy drones.

That’s not exactly my interest, but shows there is a demand for breaking into embedded systems. I personally want to develop these skills just to repair shit like washing machines that lock me out of their protectionist PCBs designed for premature obsolescence/destruction. When the washing machine manufacturer gives me the middle finger after asking for a service manual, I need to return the sentiment and fix the thing without their support (yes, it has serial ports on the PCB).

In any case, the course should cover using tools like Bus Pirates and Flipper Zero. Anything out there in open university courses?

cross-posted from: https://slrpnk.net/post/21299422

My kitchen scale is powered by a cr2032 lithium button battery. Yes, it was sloppy of me to buy the scale without seeing how it was powered. I only use the scale once or twice per month, yet these shitty button batteries only last a few months. It seems like I only get about ~6—12 measurements before the battery is dead.

WTF? This seems to defy physics. The scale automatically powers off. Of course it must always have some power because there is no ON switch. The scale detects capacitive touch taps or weight before turning on the display.

Digital calipers use a button battery which also only gives a dozen or so measurements before the battery is dead. It seems the calipers power on when the case is snapped shut. Maybe the rattling causes it to power on since it’s very touchy. Turns on with the slightest movement.

My bicycle helmet takes a cr2032, which only lasts a few months. Perhaps because it’s hard to remember to turn off the light. But still, it’s a shitty design because it has no timer or motion sensor. Or would a motion sensor itself use more power than the LEDs?

Questions:

• are button batteries a significant e-waste burden?
• are the batteries themselves really short lived, or are the appliances that use them all just poorly designed?