Neal Stephenson – legendary author of speculative fiction – on Elon Musk and geek culture, the NSA revelations of Edward Snowden, how negative cultural narratives are killing big science – and the upbringing that made him the writer he is.
Tagged as: collection, delicious, links, shaarli | Author: Martin Leyrer
[Freitag, 20170526, 04:00 | permanent link | 0 Kommentar(e)
Seit 4 Monaten testet Finnland das Grundeinkommen — schon jetzt gibt es einen unerwarteten Effekt
Obwohl das Pilotprojekt der Finnen erst vor kurzer Zeit begonnen hat, ist schon ein wichtiger Effekt zu erkennen — viele Teilnehmer sind deutlich weniger gestresst als zu der Zeit, in der sie Arbeitslosengeld erhalten haben.
Elon Musk: Automation Will Force Governments to Introduce Universal Basic Income
Elon Musk believes artificial intelligence that is much smarter than the smartest human on Earth could result in dangerous situations. Musk argues that the government must introduce a universal basic income program in order to compensate for automation
The meaning of life in a world without work
As technology renders jobs obsolete, what will keep us busy? Sapiens author Yuval Noah Harari examines ‘the useless class’ and a new quest for purpose
Auch eine Studie der renommierten University of Oxford stellt nun die Behauptung auf: In den nächsten 25 Jahren werden 47 Prozent der Jobs verschwinden — zumindest in den weit entwickelten Ländern dieser Erde.
Tagged as: future, reading, thinking, work | Author: Martin Leyrer
[Donnerstag, 20170525, 17:42 | permanent link | 0 Kommentar(e)
The Hitchhikers Guide To The Galaxy Wikipedia has the following to say about Towel Day:
Towel Day is celebrated every May 25 as a tribute by fans of the late author Douglas Adams. The commemoration was first held in 2001, two weeks after his death on May 11, and since then has been extended to an annual event. On this day, fans carry a towel with them throughout the day. The towel is a reference to Adams’s popular science fiction comedy series The Hitchhiker’s Guide to the Galaxy.
For this year, I found Douglas Adams reading from The Hitchhiker’s Guide to the Galaxy:
Tagged as: dna, Douglas Adams, handtuch, HHGTTG, The Hitchhikers Guide to the Galaxy, towel, Towel Day, TowelDay | Author: Martin Leyrer
[Donnerstag, 20170525, 11:29 | permanent link | 0 Kommentar(e)
As I plan to move from a proprietary calendaring to a more „ressource-aware” open source solution, I decided to give Radicale a try. It is open source, appears to be rather pragmatic in its approach to „standards” and has a small footprint in regards to system requirements.
With me running Debian 8 on my server, I decided to stick with the available package and not install „from source”. So a quick „apt-get install radicale” took care of installing the necessary software (do not forget to enable the Radicale daemon in /etc/default/radicale).
The configuration of Radicale is rather straightforward and simple. In regards to transport security, You can reuse an existing TLS certificate (or get a new one from Let’s encrypt). For authentication, you can choose between several options. As I don’t have an LDAP server (yet) and I didn’t want to create a .httpasswd entry for each user, I chose „IMAP”. So Radicale will validate all credentials against the local IMAP server (Dovecot in my case).
The relevant bits and pieces of my /etc/radicale/config file look like this:
# bin to all legacy IP addresses hosts = 0.0.0.0:5232 # SSL flag, enable HTTPS protocol ssl = True # SSL certificate path certificate = /etc/ssl/certs/kalender.fullchain.cer # SSL private key key = /etc/ssl/private/kalender.key # SSL Protocol used. See python's ssl module for available values # TLS 1.0 or higher, as I still have to support older Android clients protocol = ssl.PROTOCOL_TLSv1_2 # Ciphers available. See python's ssl module for available ciphers # OWASP Cipher String 'B' (Broad compatibility) # Again, more then strictly recommended in 2017 due to older Android devices ciphers = DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA # Message displayed in the client when a password is needed realm ="Kalenderserver - Password Required" [auth] # Authentication method # Value: None | htpasswd | IMAP | LDAP | PAM | courier | http | remote_user | custom type = IMAP # IMAP Configuration imap_hostname = localhost imap_port = 143 imap_ssl = true [rights] # Rights backend # Value: None | authenticated | owner_only | owner_write | from_file | custom type = owner_only [storage] # Storage backend # Value: filesystem | multifilesystem | database | custom type = filesystem # Folder for storing local collections, created if not present filesystem_folder = /var/lib/radicale/collections
If you want/need to share your calendar with other users, play around with the [rights] section. For my setup, this was fine.
This setup should also give you an adequate TLS configuration. There is of course room for improvement, if you know your clients all support TLS 1.2 and modern ciphers. See the OWASP TLS Cipher String Cheat Sheet and bettercrypto.org for details.
Once you restart the Radicale server via sudo service radicale restart you should get a "Radicale works!" message in the browser – if you opened up port 5232 on the firewall.
If you also enabled any form of authentication, the browser or ical/caldav client will prompt you with a „Basic Authentication” prompt for the credentials. If you, like in my case, configured IMAP, you will see in your IMAP log a connection, verifying the credentials you entered.
This is nice, but I did not want to open another port on my firewall for this. So how could I proxy this through my existing Apache httpd? Unfortunately, this is only covered halfway in the documentation.
You do have to create a (new) virtual host (eg. „calendar.example.com”) and configure the python WSGI module as well as authentication. To do so, we need a few modules installed and activated:
sudo apt-get install libapache2-mod-wsgi libapache2-mod-authnz-external pwauth sudo a2enmod authnz_external sudo a2enmod wsgi
The Apache httpd config for that virtual host including WSGI setup and authentication via mod-auth-external and pwauth might look like this:
<VirtualHost *:443>
ServerName calendar.example.com
# WSGI (WSGI is the Web Server Gateway Interface) config for radicale
# Group "adm" so radicale can write to it's log file in /var/log/radicale
WSGIDaemonProcess radicale user=radicale group=adm threads=1
WSGIScriptAlias / /usr/share/radicale/radicale.wsgi
# Add Authentication via pwauth
<IfModule mod_authnz_external.c>
AddExternalAuth pwauth /usr/sbin/pwauth
SetExternalAuthMethod pwauth pipe
</IfModule>
<Directory /usr/share/radicale>
WSGIProcessGroup radicale
WSGIApplicationGroup %{GLOBAL}
# Pass on authentication data to radicale
WSGIPassAuthorization On
AllowOverride None
AuthType Basic
# This should be the same string as the radicale "realm" value
AuthName "Kalenderserver - Password Required"
AuthBasicProvider external
AuthExternal pwauth
# Any valid user will be allowed to athenticate.
# You could restrict this further via authz_unixgroup
Require valid-user
</Directory>
With that configuration, Apache will verify access against usernames & passwords in the passwd/shadow files (do NOT use mod_authnz_pam for that!) and will pass the authentication data on to radicale. If you add authz_unixgroup, you could further limit the number of users to the members of a specific group, …
As always, I stood on the shoulders of giants in my work on this. So further reading should be:
Do be aware, that Radicale 2, which is currently at RC2, will bring changes (only support for httpasswd auth, …). As I am using Debian stable and do not see any immediate benefits in upgrading Radicale atm., I am rather happy with this setup.
Tagged as: caldav, calendar, calender, carddav, debian, how-to, howto, ical, kalender | Author: Martin Leyrer
[Samstag, 20170520, 17:19 | permanent link | 0 Kommentar(e)
Gemeinsam mit MacLemon.
Slidedeck als PDF
Video auf Youtube
Gemeinsam mit MacLemon.
Slidedeck als PDF
Video auf Youtube
Gemeinsam mit MacLemon.
2017-04-28..29, Grazer Linuxtage 2017, FH Joanneum, Graz
Gemeinsam mit MacLemon.
Gemeinsam mit MacLemon.
Slidedeck als PDF
2017-03-10, BSides Ljubljana 0x7E1, Poligon creative centre, Ljubljana, Slovenia
Together with MacLemon.
Slidedeck as PDF
Together with MacLemon.
Tagged as: downloads, public speaking, talks, workshops | Author: Martin Leyrer
[Sonntag, 20170507, 22:38 | permanent link | 0 Kommentar(e)
Tagged as: downloads, public speaking, talks, workshops | Author: Martin Leyrer
[Sonntag, 20170507, 22:36 | permanent link | 0 Kommentar(e)