Just to mention it:

Updated a Sony Z3c running #CarbonROM and upgraded a tablet running #LineageOS. Thanks for all the people who build these systems!

It took me about two hours to

• get the backup on the Sony working in twrp with a sdcard
• do full system backups
• update CarbonROM manually, because the reboot into recovery doesn't work
• getting a stable usb connection to the tablet by rotating ports, cables and orientations of the plugs
• install a newer version of recovery.img on the tablet
  • needed to recap how this is done in Linux using heimdall
• install the newer LineageOS via adb sideload

Looking back at the process I prefer much upgrading my #Librem5 and I need to get back to the idea of getting a #Librem11 to get rid of the dependency on the LineageOS tablet.

Note to myself:

When I want to start my Sony #z3c installed with #CarbonROM in #recovery mode I need to to switch it off, disconnect usb and then push and hold volume-down and power together until I see #twrp starting.

remember:

• disconnect usb
• shutdown / switch-off the phone
• press and hold volume-down and power button …
• …until you see twrp booting

Don't try adb, don't try rebooting from CarbonROM into twrp - you didn't get it to work the last time you tried

Note to myself to remember:

If I delete/change/add Active Directory Domains in #packetfence I need to make sure that in REALMS the changes are reflected.

Otherwise an #802dotX authentication attempt using wpa_supplicant -c /etc/wpa_supplicant/packetfence-demo.conf -D wired -i ens192 might end with EAP-TLV: TLV Result - Failure.

#flohmarkt - a lot of improvement!

It is really nice to see that during the last few days

• irc channel #flohmarkt started on Libera.Chat
• the flohmarkt repository has been re-organized to let volunteers write to the wiki
• the activity on open issues increased immensely

This would be a dream come true to have an open and decentralized small ads market place.

Our battery vacuum cleaner #Xiaomi Dreame V10 (VVN5) stopped working for more than a few seconds and shows a #battery warning.

I thought it'd be easy to get a new battery, but doesn't seem so. I opened up the battery pack to find 7 Samsung INR 18650 cells and a PCB.

The cells are electrowelded to their connectors with two little dots. Something I couldn't do to replace them to #repair the pack.

So I asked a company specialized in refurbishing batteriy packs and they told me that they wouldn't do this, because once disconnected the PCB would shut down and stop working. They wouldn't be able to bring it back to life.

They can't offer me replacing the cells mechanically, because of - liability and warranty laws.

#repairability #PlannedObsolescence

Hallo Admin,

unser Umfeld folgt dem Prinzip von #Ursache und #Wirkung. Wenn Du die Ursache für einen Fehler gefunden hast, dann kannst Du überlegen, ob Du sie beheben kannst oder versuchst den Fehler zu umgehen (#Workaround).

Da beginnt das dünne Eis: Workarounds fallen uns immer wieder vor die Füße, weil sie für den Rest der Menschheit unerwartet auftauchen, das Verhalten von Installationen so verändern, dass es nicht mehr der Dokumentation entspricht und sie werden nicht von den Herstellern mit gepflegt. Nach Updates fängt dann häufig die Suche an.

Durch genaue Beobachtung kann man natürlich auch Workarounds finden, die ohne die Kenntnis der Ursache des eigentlichen Problems, das Problem umschiffen.

Das mag manchmal wie eine Abkürzung erscheinen, aber mir ist es häufig genug passiert, dass mir diese Bastelarbeiten an anderer Stelle selbst dann viel Arbeit in der Nachpflege und/oder Fehlersuche verursacht haben.

Wenn Du dann noch darüber nachdenkst, was man alles mit der Zeit hätte anfangen können, die aufgewendet wird um an unterschiedlichen Stellen, in unterschiedlichen Organisationen und von unterschiedlichen Leuten Bastelarbeiten für die Umgehung von Fehlern durchzuführen, dann wird schnell klar, dass im Sinn der #Gemeinschaft das Lösen von Fehlern deutlich effektiver ist, als das Umschiffen derselben.

Nun können wir das nicht anderen vorschreiben (ich Dir ja auch nicht :) ), aber alle Beteiligten können für sich entscheiden, welche Herangehensweise ihnen besser gefällt und diese für sich selbst annehmen.

Und ja, wir müssen auch in Hinblick auf unserer Verfügbaren Mittel Maß halten und können in manchen Fällen das Problem nicht lösen. Aber Melden des Problems beim Hersteller und Beschreiben des verwendeten Workarounds sollte eigentlich drin sein - insbesondere bei Free Libre Open Source Software.

Apell fertig. :)

Dein Mit-Admin.

If a service wants you to download #GoogleAuthenticator for #Android or #iOS to activate mandatory 2nd authentication factor:

• It's the same as using <space> nitropy nk3 secrets add-otp --protect-with-pin --touch-button --digits-str 6 --kind totp paloalto <seed> with your #Nitrokey 3 - don't forget to check the command history to delete the key from there in case the leading space of the nitropy-command didn't stop your shell from saving the command to history.
• If they then show you a QR you're supposed to scan with your always online, known to be unsecure, sending everything to the cloud device there's ususally a button for can't scan that'll show you the seed
• If #javascript on the page then makes it impossible to copy that seed at least in firefox there's right click/inspect (q) which you can use to have a quick look at the source of the element to copy the seed from the source (think about how secure your clipboard is and whether you need to delete the seed afterwards from it. Big mess: clipboard history writing to disk possibly without full disk encryption).
• Otherwise - if there's no way to get a text view of the seed - take a screenshot of the qr, save it, and use zbarimg <screenshot-file> to get the text reading from the qr

I'm migrating from a #LibremKey to a #Nitrokey 3c. One OTP made it to my new Nitrokey and the rest still sits on the LibremKey. I updated my OS and installed the new #nitropy utility which can't handle the LibremKey.

#NitrokeyAuthenticator is still installed on my #Librem5 and while it is easy to use that way it is even easier from my desktop. Waypipe didn't work, but ssh librem5 NitrokeyAuthenticator -platform vnc opens an unprotected vnc port…

purism@pureos:~$ netstat -pnlt | grep Nitro
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp6       0      0 :::5900                 :::*                    LISTEN      2019/NitrokeyAuthen 

…which I can connect to to get an otp before migrating it to the new token.

#NotSoSecure

And after disconnecting the ssh session the application keeps running and still can be connected to.

#EvenLessSecure

Hey #deSEC - that's such a cool service your running!

Thanks a lot - I started donating!

It works really well in conjunction with my #yunohost hosting this microblog.

https://desec.io/about