Links from 2017-06-18

Autoconfiguration in Thunderbird

Thunderbird 3.1 and later (and 3.0 to some degree) includes mail account autoconfiguration functionality. The goal of autoconfiguration is to make it very easy for users to configure the connection of Thunderbird to their email servers. In many cases, people should be able to download and install Thunderbird, enter their real name, email address and password in the Account Setup Wizard and have a fully functioning mail client and get and send their mail as securely as possible.

Tagged as: , , , | Author:
[Montag, 20170619, 05:00 | permanent link | 0 Kommentar(e)


Links from 2017-06-12

The Long, Slow, Rotten March of Progress

The constant recombination of worn-out elements. Companies that make useless products to help other companies make useless products that help other companies make useless products. There are start-ups that spend tens of thousands on names and branding before they even come up with a product or see if anyone might want it. This is called innovation, but what it actually represents is a culture that piles up the garbled detritus of the old in lieu of creating anything new, and a morbid economic order drowning in its own surplus liquidity and willing to invest in any bubble that comes along….

Tagged as: , , , | Author:
[Dienstag, 20170613, 05:00 | permanent link | 0 Kommentar(e)


Links from 2017-05-25

The remarkable Neal Stephenson interview | Damien Walter

Neal Stephenson – legendary author of speculative fiction –  on Elon Musk and geek culture, the  NSA revelations of Edward Snowden, how negative cultural narratives are killing big science  – and the upbringing that made him the writer he is.

Tagged as: , , , | Author:
[Freitag, 20170526, 05:00 | permanent link | 0 Kommentar(e)


The Future of Work

Seit 4 Monaten testet Finnland das Grundeinkommen — schon jetzt gibt es einen unerwarteten Effekt

Obwohl das Pilotprojekt der Finnen erst vor kurzer Zeit begonnen hat, ist schon ein wichtiger Effekt zu erkennen — viele Teilnehmer sind deutlich weniger gestresst als zu der Zeit, in der sie Arbeitslosengeld erhalten haben.

Elon Musk: Automation Will Force Governments to Introduce Universal Basic Income

Elon Musk believes artificial intelligence that is much smarter than the smartest human on Earth could result in dangerous situations. Musk argues that the government must introduce a universal basic income program in order to compensate for automation

The meaning of life in a world without work

As technology renders jobs obsolete, what will keep us busy? Sapiens author Yuval Noah Harari examines ‘the useless class’ and a new quest for purpose

Oxford-Studie: In 25 Jahren werden 47 Prozent der Jobs verschwunden sein — und auch eurer ist nicht sicher

Auch eine Studie der renommierten University of Oxford stellt nun die Behauptung auf: In den nächsten 25 Jahren werden 47 Prozent der Jobs verschwinden — zumindest in den weit entwickelten Ländern dieser Erde.

Tagged as: , , , | Author:
[Donnerstag, 20170525, 18:42 | permanent link | 0 Kommentar(e)


Happy Towel Day

The Hitchhikers Guide To The Galaxy Wikipedia has the following to say about Towel Day:

Towel Day is celebrated every May 25 as a tribute by fans of the late author Douglas Adams. The commemoration was first held in 2001, two weeks after his death on May 11, and since then has been extended to an annual event. On this day, fans carry a towel with them throughout the day. The towel is a reference to Adams’s popular science fiction comedy series The Hitchhiker’s Guide to the Galaxy.

For this year, I found Douglas Adams reading from The Hitchhiker’s Guide to the Galaxy:

Tagged as: , , , , , , , | Author:
[Donnerstag, 20170525, 12:29 | permanent link | 0 Kommentar(e)


Radicale Calendar Server with Debian 8 (Jessie) and IMAP/SHADOW Authentication via Apache httpd

As I plan to move from a proprietary calendaring to a more „ressource-aware” open source solution, I decided to give Radicale a try. It is open source, appears to be rather pragmatic in its approach to „standards” and has a small footprint in regards to system requirements.

With me running Debian 8 on my server, I decided to stick with the available package and not install „from source”. So a quick „apt-get install radicale” took care of installing the necessary software (do not forget to enable the Radicale daemon in /etc/default/radicale).

The configuration of Radicale is rather straightforward and simple. In regards to transport security, You can reuse an existing TLS certificate (or get a new one from Let’s encrypt). For authentication, you can choose between several options. As I don’t have an LDAP server (yet) and I didn’t want to create a .httpasswd entry for each user, I chose „IMAP”. So Radicale will validate all credentials against the local IMAP server (Dovecot in my case).

The relevant bits and pieces of my /etc/radicale/config file look like this:

# bin to all legacy IP addresses
hosts = 0.0.0.0:5232
 
# SSL flag, enable HTTPS protocol
ssl = True
 
# SSL certificate path
certificate = /etc/ssl/certs/kalender.fullchain.cer
# SSL private key
key = /etc/ssl/private/kalender.key
 
# SSL Protocol used. See python's ssl module for available values
# TLS 1.0 or higher, as I still have to support older Android clients
protocol = ssl.PROTOCOL_TLSv1_2
 
# Ciphers available. See python's ssl module for available ciphers
# OWASP Cipher String 'B' (Broad compatibility)
# Again, more then strictly recommended in 2017 due to older Android devices
ciphers = DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA
 
# Message displayed in the client when a password is needed
realm ="Kalenderserver - Password Required"
 
[auth]
# Authentication method
# Value: None | htpasswd | IMAP | LDAP | PAM | courier | http | remote_user | custom
type = IMAP
 
# IMAP Configuration
imap_hostname = localhost
imap_port = 143
imap_ssl = true
 
[rights]
# Rights backend
# Value: None | authenticated | owner_only | owner_write | from_file | custom
type = owner_only
 
[storage]
# Storage backend
# Value: filesystem | multifilesystem | database | custom
type = filesystem
 
# Folder for storing local collections, created if not present
filesystem_folder = /var/lib/radicale/collections

If you want/need to share your calendar with other users, play around with the [rights] section. For my setup, this was fine.

This setup should also give you an adequate TLS configuration. There is of course room for improvement, if you know your clients all support TLS 1.2 and modern ciphers. See the OWASP TLS Cipher String Cheat Sheet and bettercrypto.org for details.

Once you restart the Radicale server via sudo service radicale restart you should get a "Radicale works!" message in the browser – if you opened up port 5232 on the firewall.

If you also enabled any form of authentication, the browser or ical/caldav client will prompt you with a „Basic Authentication” prompt for the credentials. If you, like in my case, configured IMAP, you will see in your IMAP log a connection, verifying the credentials you entered.

This is nice, but I did not want to open another port on my firewall for this. So how could I proxy this through my existing Apache httpd? Unfortunately, this is only covered halfway in the documentation.

You do have to create a (new) virtual host (eg. „calendar.example.com”) and configure the python WSGI module as well as authentication. To do so, we need a few modules installed and activated:

sudo apt-get install libapache2-mod-wsgi libapache2-mod-authnz-external pwauth
sudo a2enmod authnz_external
sudo a2enmod wsgi

The Apache httpd config for that virtual host including WSGI setup and authentication via mod-auth-external and pwauth might look like this:

<VirtualHost *:443>
    ServerName calendar.example.com
    
    # WSGI (WSGI is the Web Server Gateway Interface) config for radicale
    # Group "adm" so radicale can write to it's log file in /var/log/radicale
    WSGIDaemonProcess radicale user=radicale group=adm threads=1
    WSGIScriptAlias / /usr/share/radicale/radicale.wsgi
    
    # Add Authentication via pwauth
    <IfModule mod_authnz_external.c>
        AddExternalAuth pwauth /usr/sbin/pwauth
        SetExternalAuthMethod pwauth pipe
    </IfModule>
    
    <Directory /usr/share/radicale>
        WSGIProcessGroup radicale
        WSGIApplicationGroup %{GLOBAL}
        # Pass on authentication data to radicale
        WSGIPassAuthorization On
        AllowOverride None
        
        AuthType Basic
        # This should be the same string as the radicale "realm" value
        AuthName "Kalenderserver - Password Required"
        AuthBasicProvider external
        AuthExternal pwauth
        # Any valid user will be allowed to athenticate.
        # You could restrict this further via authz_unixgroup
        Require valid-user
    </Directory>

With that configuration, Apache will verify access against usernames & passwords in the passwd/shadow files (do NOT use mod_authnz_pam for that!) and will pass the authentication data on to radicale. If you add authz_unixgroup, you could further limit the number of users to the members of a specific group, …

 

As always, I stood on the shoulders of giants in my work on this. So further reading should be:

Do be aware, that Radicale 2, which is currently at RC2, will bring changes (only support for httpasswd auth, …). As I am using Debian stable and do not see any immediate benefits in upgrading Radicale atm., I am rather happy with this setup.

Tagged as: , , , , , , , , | Author:
[Samstag, 20170520, 18:19 | permanent link | 0 Kommentar(e)


Public Speaking 2017

Linuxwochen Wien

2017-05-04..06 Linuxwochen Wien 2017, FH Technikum Wien, Wien

Awwwwww - Advanced Wibbly-Wobbly World Wide Webserver Wizardry

Ein Rückblick auf die Transportverschlüsselung in Webservern, insbesondere nginx und Apache, sowie die Möglichkeiten Inhalte vor der Auslieferung zu komprimieren und bei Proxies und clients zu cachen. Abgerundet wird der Talk durch security relvante HTTP Response Header.

Gemeinsam mit MacLemon.
Slidedeck als PDF

VPNs - Angewandte Verwirrung für Leitweg Tabellen

Die gängigsten VPN Protokolle sowie Nutzungsempfehlungen. Konfigurationsanleitung für OpenVPN 2.3/2.4.1 inkl. sicherer Ciphersuiten für zeitgemäße Verschlüsselung. Die Konfiguration von Clients auf unterschiedlichen Platformen, wie Linux, BSD, Windows und macOS wird behandelt. Im zweiten Teil geht es um die Konfiguration eine IPSec und IKEv2 basierten VPN Servers auf Basis der Scripte von AlgoVPN auf einem eigenen Ubuntu Server. Danach wird die Konfiguration von macOS und iOS Clients gezeigt. Den erwähnten VPN-Anbieter Vergleich findet man unter iThat One Privacy Site.

Gemeinsam mit MacLemon.
Slidedeck als PDF

SSH Workshop - From Zero to Hero*ine.

Grundlagen für die Benutzung von SSH, insbesondere OpenSSH. Ein zweistündiger Workshop für Einsteiger*innen in die Benutzung von des ssh(1) Commandline Clients.

Gemeinsam mit MacLemon.

Grazer Linuxtage

2017-04-28..29, Grazer Linuxtage 2017, FH Joanneum, Graz

SSH Workshop - From Zero to Hero*ine.

Grundlagen für die Benutzung von SSH, insbesondere OpenSSH. Ein zweistündiger Workshop für Einsteiger*innen in die Benutzung von des ssh(1) Commandline Clients.

Gemeinsam mit MacLemon.

Awwwwww - Advanced Wibbly-Wobbly World Wide Webserver Wizardry

Ein Rückblick auf die Transportverschlüsselung in Webservern, insbesondere nginx und Apache, sowie die Möglichkeiten Inhalte vor der Auslieferung zu komprimieren und bei Proxies und clients zu cachen. Abgerundet wird der Talk durch security relvante HTTP Response Header.

Gemeinsam mit MacLemon.
Slidedeck als PDF

BSides Ljubljana 0x7E1

2017-03-10, BSides Ljubljana 0x7E1, Poligon creative centre, Ljubljana, Slovenia

Peculiar SSH – May we interest you in this particular feature?

We all use SSH on a more or less daily basis. More advanced users even have created a config file for their clients in order to spare some typos. So let us take you on a journey into the more “”peculiar”” features of SSH. From multi-factor authentication to jump hosts all the way to GPG and the use of SmartCards. Let us show you what SSH can do, if you invest some into configuring it.

Together with MacLemon.
Slidedeck as PDF

SSH Workshop - From Zero to Hero*ine.

Securely connecting though several host to a remote server and obfuscating the local configuration will also be part of the workshop. If there is time, we will also look at the server side of things and work through a few possible improvements. This workshops targets beginner to intermediate SSH users. As long as you have a fairly recent command line OpenSSH client, you are welcome no matter what operating system you are using. Basic knowledge of the Linux or BSD command line is required. (navigating the file system, editing files, …). OpenSSH 7.4 or higher recommended!

Together with MacLemon.

Tagged as: , , , | Author:
[Sonntag, 20170507, 23:38 | permanent link | 0 Kommentar(e)


Links from 2017-04-22

The Next Big Blue-Collar Job Is Coding

When I ask people to picture a coder, they usually imagine someone like Mark Zuckerberg: a hoodied college dropout who builds an app in a feverish 72-hour programming jag—with the goal of getting insanely rich and, as they say, “changing the world.”

But this Silicon Valley stereotype isn’t even geographically accurate. The Valley employs only 8 percent of the nation’s coders. All the other millions? They’re more like Devon, a programmer I met who helps maintain a ­security-software service in Portland, Oregon. He isn’t going to get fabulously rich, but his job is stable and rewarding: It’s 40 hours a week, well paid, and intellectually challenging. “My dad was a blue-­collar guy,” he tells me—and in many ways, Devon is too.

Tagged as: , , , | Author:
[Sonntag, 20170423, 05:00 | permanent link | 0 Kommentar(e)


Cleaning Up A Generated DKIM Entry for DNS-Webinterfaces

You want to use DKIM, you brave soul? Have you got everything set up? Consequently you asked one of the handy (online) tools spit out a configuration like this:

    oachkatzlschwoaf._domainkey  IN  TXT ( "v=DKIM1; h=sha265; k=rsa; s=email; "
        "p=YXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYX"
		"kahdkahsdkahsdkahdkahsdkahskdhakdhakhdkahdkahdkahdkahdkahdkadkahkdh"
        "ABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABAB==" )  ; ----- DKIM key oachkatzlschwoaf for domain example.com

So how do you get this into the DNS via your hosters webinterface?

For one, you need the „selector” as the „name” of your DNS entry. In this example, that would be „oachkatzlschwoaf._domainkey”.

The „value” of the DNS entry would be everything within the parentheses. As there is a 255-byte maximum length for a string within a single TXT or SPF RR record and according to RFC 4408 „Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail, Version 1” a A domain name MUST NOT have multiple record , the published key has to be broken up into multiple strings.
This is exactly what those generators already do for you.

So the „value” in the DNS entry would look like this one once a DKIM checker queried the DNS and parsed the result:

v=DKIM1;H=sha265;k=rsa;s=email;p=YXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABAB==

HTH

Tagged as: , , , , , | Author:
[Montag, 20170313, 19:52 | permanent link | 0 Kommentar(e)


Links from 2017-03-04

Aptik - A Tool to Backup/Restore Your Favourite PPAs and Apps in Ubuntu

Aptik is a open source package that simplify backup and restore of PPAs, Applications and Packages after a fresh installation or upgradation of Debian based Ubuntu, Linux Mint and other Ubuntu derivatives.

Tagged as: , , , | Author:
[Sonntag, 20170305, 05:00 | permanent link | 0 Kommentar(e)


Links from 2017-03-01

"e;Deutschland braucht bis 2025 flächendeckend Glasfaseranschlüsse mit mindestens 1 GBit/s.

"Reine Glasfaseranschlüsse bis direkt zu allen Bürgern und Unternehmen sind schon bald so wichtig wie ein Wasser- oder Stromanschluss", meint der Präsident des Bundesverband Breitbandkommunikation (Breko), Norbert Westfal.

… um den Weg in die Gigabit-Gesellschaft zu bereiten und den Digitalisierungsbedarf etwa rund um die nächste Mobilfunkgeneration 5G zu decken. Diese brauche als Fundament ein schnelles Festnetz, auch wenn die konkreten Leistungsparameter und Verfügbarkeitszeiten noch offen seien.

Tagged as: , , , | Author:
[Donnerstag, 20170302, 05:00 | permanent link | 0 Kommentar(e)


Links from 2017-02-25

The future of robotics and artificial intelligence in Europe

Let me first clarify what we mean by AI and robotics:

Firstly, we have industrial robots installed on factory floors, carrying out repetitive tasks such as pick and place or transporting goods autonomously. They are programmed to achieve very specific tasks in very constrained environments and usually work behind fences with no human contact.

Increasingly, so-called collaborative robots are deployed on the shop floor which can work in close proximity of humans and do not need a security cage any longer.

A second category consists of professional service robots used outside traditional manufacturing. Typical examples include surgical robots in hospitals or milking robots on farms.

Consumer robots form the third category: they can be used for private purposes, typically at home, like vacuum cleaners, lawn mowers etc.

Finally, there are the purely software-based AI agents. Such systems are used, for example, to help doctors improve their diagnosis or in recommendation systems on shopping websites.

AI-based software, in conjunction with sophisticated sensors and connectivity, is also increasingly used to make all kinds of devices and objects around us intelligent. The most notable example in this context is probably the self-driving car.

While many of these robots and AI systems are impressive and have progressed a lot recently, they are still very far from exhibiting intelligent, human-like behaviour or are indistinguishable from a human. In other words: they don’t pass the Turing test yet. This futuristic vision would need a debate at a different level, including asking very profound ethical questions.

Tagged as: , , , | Author:
[Sonntag, 20170226, 05:00 | permanent link | 0 Kommentar(e)


Links from 2017-02-19

Cory Doctorow’s Walkaway Believes Technology Can Save Us from Ourselves

I wanted to write a story about how technology can be used in times of disaster to let us work together,” Doctorow explains. “The Internet has given us a lot of high-profile flame wars and trolling and such, but the Internet is primarily used by most of us to be kind to other people, strangers and loved ones alike. Writing a story about how we might consciously craft technology to give society a graceful failure mode where we use it as connective tissue to tie together our collective rebuilding seems to me to be a way to counter the kind of weaponized narrative about humanity’s fundamental evilness that carried the last presidential election.

Tagged as: , , , | Author:
[Montag, 20170220, 05:00 | permanent link | 0 Kommentar(e)


Privatsphäre muss man sich leisten können @1

Evgeny Morozov in The Guardian:

First of all, to call the privilege of not responding to after-hours work-related emails “the right to disconnect” is misleading at best. As it stands, such a narrow definition excludes many other types of social relations where permanent or temporary disconnection by the weaker party might be desirable and where the urge to be connected means a profit opportunity for some and a blunt abuse of power for others.

Can one really afford to “disconnect” from insurance companies, banks, and immigration authorities? In principle, yes – if one can afford the associated (and rapidly increasing) social and financial costs of disconnection and anonymity. Those seeking to disconnect will ultimately have to pay for the privilege – in higher loan rates, more expensive insurance packages, more time wasted on trying to assure the immigration officer of one’s peaceful intentions.

Second, if those prophesying the arrival of digital labour – the idea that, in generating data, we also produce immense economic value simply by using the most basic digital services – are even half-right, it follows that responding to personal emails, rather than just work-related ones, also counts as “work”.

Tagged as: , , , , | Author:
[Sonntag, 20170219, 11:48 | permanent link | 0 Kommentar(e)


Links from 2017-02-17

Elon Musk: Automation Will Force Governments to Introduce Universal Basic Income

However, displacement due to automation isn’t just limited to transportation, it will sweep across a number of industries, and Musk argues that the government must introduce a UBI program in order to compensate for this. “I don’t think we’re going to have a choice,” he said. “I think it’s going to be necessary. There will be fewer and fewer jobs that a robot cannot do better.”

Tagged as: , , , | Author:
[Samstag, 20170218, 05:00 | permanent link | 0 Kommentar(e)


Links from 2017-01-09

David Bowie Is Sci-Fi and Fantasy Personified | Tor.com

As an artist, David Bowie has spent a lifetime blurring the lines between performer and stage persona: after all, The Rise and Fall of Ziggy Stardust and the Spiders From Mars was famously advertised with the slogan “David Bowie is Ziggy Stardust”—while, in smaller type, the words “Ziggy Stardust is David Bowie” ran across the bottom of the ad.

This confusion between creator and creation is something Bowie has played upon from the very beginning—and then there’s the fact that, over the last couple decades, he himself has become the direct inspiration for various fictional characters, from the Lucifer of Neil Gaiman’s Sandman to The Venture Bros. shapeshifting leader of The Guild of Calamitous Intent. So let’s take a look at a few of Bowie’s more interesting incarnations, both as an actor and as a character, the dreamer and the dream

Tagged as: , , , | Author:
[Dienstag, 20170110, 05:00 | permanent link | 0 Kommentar(e)


Links from 2016-12-23

Predicting the end of cloud computing | Network World

Andreessen Horowitz VC Peter Levine believes that the increased computing power of Internet of Things devices, combined with ever-increasingly accurate machine learning technologies, will largely replace the infrastructure as a service public cloud market with intelligent edge computing.

Tagged as: , , , | Author:
[Samstag, 20161224, 05:00 | permanent link | 0 Kommentar(e)


Links from 2016-12-15

ePrivacy-Leak: Das bedeuten die Vorschläge der EU-Kommission für unsere Grundrechte | netzpolitik.org

Im Kampf um unsere Privatsphäre wird die Reform der ePrivacy-Richtlinie im 2017 das wichtigste Schlachtfeld. Ein geleakter Entwurf zeigt: Die EU-Kommission macht zwar gute Vorschläge zur besseren Kontrolle von Web-Tracking – grundsätzlich dürfen uns Unternehmen und Staaten aber weiter analysieren.

Tagged as: , , , | Author:
[Freitag, 20161216, 05:00 | permanent link | 0 Kommentar(e)


Locales When Using SSH On A Remote Server

When SSHing to a remote server and compiling Python there (don’t ask), i stumbled upon the issue that gcc and other tools complained about a missing locale:

locale: Cannot set LC_CTYPE to default locale: No such file or directory

As not even a sudo dpkg-reconfigure locales solved the issue, as I thought that I only had the „en_US.UTF-8” locale on the server.

But apparently, you also have to provide any locales you use locally (on the Laptop/PC you are SSHing from) on the server in order to fix the issue.

And lo and behold, once I added „de_AT.UTF-8” via sudo dpkg-reconfigure locales everything started working.

Which got me thinking, because that can’t be the solution to this issue, to add more and more or even all locales to all servers I have to touch.

So after a little digging, I found the solution, which I now official add to all my checklist for laptops/pcs I work on:

Modify /etc/ssh/ssh_config by commenting/disabling the following line:
*
    ...
    # SendEnv LANG LC_*

Unfortunately, there is no „UnSendEnv” command.

Tagged as: , , , , | Author:
[Mittwoch, 20161214, 03:12 | permanent link | 0 Kommentar(e)


Martin And The Modern Toolsets

I tried to set up a virtual machine. Using vagrant, because that’s what the cool kids are using. And I wanted to learn. I learned a lot.

TL;DR: Everything is b0rken, I need a different job. Something with wood.

 

It started with the classic 2001 „I am sorry Dave. I can’t do that”:

vagrant up                                   
....
vm:
* The box 'debian/jessie64' could not be found.

Googling that brought me to a thread from August 2015 and this little gem:
Apparently if it’s before 1.5, it doesn’t integrate with „HashiCorp Atlas,” the service that hosts [the boxes].

Well …

dpkg -l vagrant                                                  
...
||/ Name           Version      Architecture Description
+++-==============-============-============-=================================
ii  vagrant        1.4.3-1      all          Tool for building and distributin

Further reading brought this up:

There is a .deb of the latest version on vagrantup.com, I’d strongly recommend just using that if you can. Ran into this same issue when trying to set folks up with Vagrant dev environments before. 1.4.3 is ancient and practically no modern Vagrantfile will run on it.
10 Head -> Table
20 Goto 10

Tagged as: , , , , , , | Author:
[Mittwoch, 20161214, 02:01 | permanent link | 0 Kommentar(e)


GovCamp - Die Privatsphäre und der Staat

Als einer der Mit-Organisatoren der Privacy Week im Oktober 2016 und Mitglied des Chaos Computer Clubs Wien (C3W) habe ich – was das Verständnis von Privacy und Datenschutz betrifft – auf den GovCamp einiges einstecken müssen.

Zum einen - und hier müssen alle interessierten NGOs, … noch viel lauter werden und mehr arbeiten – ist den BenutzerInnen noch immer nicht bewusst genug, wie wichtig Ihnen die Privatsphäre, bzw. dass diese aktiv zu schützen ist.
Wenn die wenigen Mechanismen (zum Beispiel das bereichsspezifische Personenkennzeichen „bPK”), die der Gesetzgeber überhaupt vorgesehen hat, von den Benutzers eher als Hindernis, denn alls Schutzmechanismus gesehen werden, müssen wir noch mehr Aufklärungsarbeit leisten. Wenn man es Ihnen dann erklärt, verstehen sie es meist sehr schnell, aber über den ersten „ah, das wäre praktisch” Gedanken hin zu „was bedeutet das in weiterer Folge”, denken die meisten BenutzerInnen leider immer noch nicht nach.
Ein „Gov”-Track im Rahmen der nächsten Privacy Week wäre für mich ev. eine Möglichkeit hier etwas zu tun.

In dem Track „MyData in Verwaltung – Jetzt will ich’s Wissen“ ging es dann um eine Anwendung, die dem BRZ vorschwebt, in der – ähnlich dem Google Dashboard – BürgerInnen alle Daten angezeigt bekommen, welche DURCH ALLE BEHÖRDEN über sie gespeichert werden. So zumindest die erste Vorstellung der Dame und des Herren des Bundesrechenzentrums.

Ihr könnt Euch vermutlich vorstellen, wie sich mein Blutdruck entwickelt hat, als die Vertreter des Bundesrechenzentrums, laut Eigendefintion „der IT-Dienstleister und marktführende E-Government-Partner der österreichischen Bundesverwaltung” mit einer Portalidee daherkommen, die ALLE Datenschutzmaßnahmen, die in den letzten 20-30 Jahren eingerichtet wurden, aushebeln soll und quasi „Datenschutzverletzung” schreit. Und die am Tisch anwesenden BenutzerInnen das dann auch noch mit „das wäre aber praktisch” kommentieren.

Wenn man dann allerdings im aktuellen Kundenmagazin „read_it” des BRZ den neuen Geschäftsführer mit dem Zitat „Unser Ziel muss es sein, das gesamte Verwaltungsservice für die Bevölkerung in einem No-Stop-Shop zu zentralisieren.“ findet, wird einem klar, warum diese Idee des „Portals” nicht bereits im ersten digtal-agilen Cyber-Scrum aufgrund der Datenschutzbedenken zu Grabe getragen wurde.

In besagtem Kundenmagazin findet sich dann Markus Kaiser, seit Mai Geschäftsführer des Bundesrechenzentrums auch noch mit folgender Aussage:

Wir werden verstärkt mit unseren Kunden Digitalisierungs-Roadmaps erstellen, also schlüssige Gesamtkonzepte, die zu besserem Bürgerservice und Arbeitserleichterungen führen.

Wir müssen lernen, Daten nicht als Risiko, sondern als Chance zu begreifen. Die öffentliche Sicherheitsdiskussion wird nicht immer rational geführt. Ich staune beispielsweise, dass mehr als dreieinhalb Millionen Menschen in Österreich einen Facebook-Account haben und dort intimste Details aus ihrem Leben publizieren, gleichzeitig aber Probleme damit haben, wenn in einem extrem sicheren Umfeld wie ELGA lebenswichtige Gesundheitsdaten zur Notfallprävention gespeichert werden. Hier ein Umdenken zu schaffen, ist auch eine der Herausforderungen der digitalen Transformation.

Auf das Bundesrechenzentrum und die „Lösungen”, die dort heraus kommen, wird man also in den kommenden Monaten und Jahren ein ein noch genaueres Auge haben müssen, wenn man diese haarsträubenden Aussagen des BRZ GF (früher Siemens und Atos) liest.

Zurück zum GovCamp: Wir konnten der Dame und dem Herren vom BRZ dann klar machen, dass ein Portal, über welches man zentralisiert und automationsunterstützt Auskunftsbegehren gemäß §§ 1, 23, 26, 50 DSG 2000 gegenüber Behörden abwickeln könnte eine super Sache wäre, wohingegen das ursprünglich angedachte Portal maximal eine gute Idee wäre, wenn man als BRZ in die Negativschlagzeilen kommen wollte.

Übrigens: Wer Auskunftsbegehren gemäß §§ 1, 23, 26, 50 DSG 2000 absetzen möchte, findet in den Vortragsunterlagen zum Workshop „Ich nutze mein Recht auf Auskunft”, den Matthias Fassl im Rahmen der Privacy Week veranstaltete, Formulare und Adresslisten zur gefälligen Verwendung.

In diesem Fall: Gut, dass ich in der Session wahr, so können wir eventuell frühzeitig einen Daten-GAU verhindern.

Tagged as: , , , , , , | Author:
[Dienstag, 20161213, 09:00 | permanent link | 0 Kommentar(e)


GovCamp: Digitale Kompetenzen (junger Menschen)

Die Okfn.at stellte sich im Rahmen des GovCamps mit ihren Initiativen zur Förderung der so genannten „digitalen Kompetenz” vor und sammelte hierzu im Rahmen eines World Cafés Feedback.

Wie immer, wenn das Schlagwort „Digitale Kompetenz” fällt, ist vor allem die Stille bezeichnend, wenn man nachfragt, worum es dabei denn nun eigentlich gehe. Im Rahmen der Session fiel zumindest der Link zum World Economic Forum und dessen „Definition” (besser Auflistung), der „8 digital skills we must teach our children” (natürlich sehr aus der Sichtweise der Industrie):

  • Digital identity
  • Digital use
  • Digital safety
  • Digital security
  • Digital emotional intelligence
  • Digital communication
  • Digital literacy
  • Digital rights

Übung für daheim: „Digital” in diesen Texten durch „Computer”, „EDV”, „Multimedia”, „Datenhighway”, „Web 2.0” oder „Cyber” ersetzen.

Wesentlich konkreter als die Liste des World Economic Forums waren die Ergebnisse des World Cafés auf dem GovCamp auf die Frage „Wie sollen, in einer idealen Welt, die digitalen Kompetenzen junger Menschen aussehen?”
Was mir an diesem Ergebnis so gefällt, ist die Tatsache, dass keine dieser Kompetenzen auch nur irgendetwas mit „Digital” zu tun hat. Das sind alles Kompetenzen, die wir unseren Kindern seit Generationen vermitteln sollten. Jetzt wäre es halt auch schon, dass Politik und NGOs sich nicht länger von diesen digitalen Cyber-Blendgranaten ablenken lassen würden.

Der Bundesregierung, der Staatssekretärin Dudzda, dem Bundeskanzleramt und all jenen, die mit der Lobbyorganisation „Internetoffensive Österreich” zusammenarbeiten, würde ich gerne den folgenden Absatz aus den Ergebnissen des World Cafes ins Stammbuch schreiben:

Als Problem wurde erkannt, dass die Wirtschaft aktuell einen zu großen Einfluss auf die strategische Ausrichtung dessen, welche Inhalte und Mittel zur digitalen Kompetenzförderung notwendig wären, hat. Das liegt daran, dass diese Rolle nicht im ausreichenden Maß von der Politik wahrgenommen wird. Schulen und Lehrerinnen sollten Experten zur Seite gestellt werden, die u.U. ehrenamtlich und mit reduziertem Einfluss der Wirtschaft ihr Know How vermitteln.

Das „reduziertem Einfluss der Wirtschaft” würde ich noch mit „ohne Einfluss der Wirtschaft” ersetzen, aber sonst passt es.

Tagged as: , , , , , , , | Author:
[Montag, 20161212, 09:00 | permanent link | 0 Kommentar(e)


Disclaimer

„Leyrers Online Pamphlet“ ist die persönliche Website von mir, Martin Leyrer. Die hier veröffentlichten Beiträge spiegeln meine Ideen, Interessen, meinen Humor und fallweise auch mein Leben wider.
The postings on this site are my own and do not represent the positions, strategies or opinions of any former, current or future employer of mine.

Search

RSS Feed RSS Feed

Tag Cloud

2007, a-trust, a.trust, a1, accessability, acta, advent, age, amazon, ankündigung, apache, apple, audio, austria, backup, barcamp, bba, big brother awards, birthday, blog, blogging, book, books, browser, Browser_-_Firefox, buch, bürgerkarte, cars, cartoon, ccc, cfp, christmas, cloud, collection, computer, computing, concert, conference, copyright, database, date, datenschutz, debian, delicious, demokratie, design, desktop, deutsch, deutschland, developer, digitalks, dilbert, disobay, dna, dns, Doctor Who, documentation, domino, Domino, Douglas Adams, download, drm, dsk, dvd, e-card, e-government, e-mail, e-voting, E71, Ein_Tag_im_Leben, email, eu, event, exchange, Extensions, fail, feedback, film, firefox, flightexpress, food, foto, fsfe, fun, future, games, gaming, geek, geld, gleichberechtigung, google, graz, grüne, grüninnen, hack, hacker, handtuch, handy, hardware, HHGTTG, history, how-to, howto, hp, html, humor, ibm, IBM, ical, image, innovation, intel, internet, internet explorer, iphone, ipod, isp, IT, it, java, javascript, job, journalismus, keyboard, knowledge, konzert, language, laptop, law, lego, lenovo, life, links, Linux, linux, linuxwochen, linuxwochenende, living, lol, london, lost+found, lotus, Lotus, lotus notes, Lotus Notes, lotusnotes, LotusNotes, lotusphere, Lotusphere, Lotusphere2006, lotusphere2007, lotusphere2008, Lotusphere2008, lustig, m3_bei_der_Arbeit, mac, mail, marketing, mathematik, media, medien, metalab, microsoft, Microsoft, mITtendrin, mobile, mood, movie, mp3, multimedia, music, musik, männer, netwatcher, network, netzpolitik, news, nokia, Notes, notes, Notes+Domino, office, online, OOXML, openoffice, opensource, orf, orlando, os, outlook, patents, pc, pdf, perl, personal, php, picture, pictures, podcast, politics, politik, pr, press, presse, privacy, privatsphäre, productivity, programming, protest, qtalk, quintessenz, quote, quotes, radio, rant, recherche, recht, release, review, rezension, rss, science, search, security, server, sf, shaarli, Show-n-tell thursday, sicherheit, silverlight, SnTT, social media, software, sony, sound, space, spam, sprache, spö, ssh, ssl, standards, storage, story, stupid, summerspecial, sun, sysadmin, talk, technology, The Hitchhikers Guide to the Galaxy, theme, thinkpad, tip, tipp, tools, topgear, torrent, towel, Towel Day, TowelDay, travel, truth, tv, twitter, ubuntu, uk, unix, update, usa, vds, video, videoüberwachung, vienna, Vim, vim, vista, vorratsdatenspeicherung, vortrag, wahl, wcm, web, web 2.0, web2.0, web20, Web20, webdesign, werbung, wien, wiener linien, wikileaks, windows, windows 7, wired, wishlist, wissen, Wissen_ist_Macht, wlan, work, wow, wtf, wunschzettel, Wunschzettel, www, xbox, xml, xp, zensur, zukunft, zune, österreich, övp, übersetzung, überwachung

AFK Readinglist