We started producing shows as Today with a Techie on 2005-09-19, 17 years, 6 months, 11 days ago. our shows are produced by listeners like you and can be on any topic that "are of interest to hackers". if you listen to HPR then please consider contributing one show a year. if you record your show now it could be released in 12 days.
Call for shows
We are running very low on shows at the moment. Have a look at the hosts page and if you don't see "2023-??-??" next to your name, or if your name is not listed, you might consider sending us in something.
Three examples of using Gitlab's CICD to generate a website.
Hosted by norrist on 2023-03-29 is flagged as Clean and released under a CC-BY-SA license. static website, gitlab pages, docker, mysql, cicd, .
Listen in ogg,
spx,
or mp3 format. general. | Comments (0).
GitLab always deploys your website from a specific folder called
public in your repository. To deploy your site, GitLab uses its built-in
tool called GitLab CI/CD to build your site and publish it to the GitLab
Pages server. The sequence of scripts that GitLab CI/CD runs to
accomplish this task is created from a file named .gitlab-ci.yml, which
you can create and modify. A specific job called pages in the
configuration file makes GitLab aware that you're deploying a GitLab
Pages website.
Overview of Steps
The end state has to be a directory named public that contains the
site contents
Optionally, run a build process in a container to create the
contents of the public directory
There has to be a pages declaration in
.gitlab-ci.yml
Example 1
simple demo
Create the Git repo and site content
Go to gitlab and create new Gitlab repo
Clone it to your workstation
Add public folder with site files
add .gitlab-ci.yml
Commit and push
git clone git@gitlab.com:norrist/simple_pages_demo.git
cd simple_pages_demo/
mkdir public
echo "Hello World" > public/index.html
git add public/
vim .gitlab-ci.yml
git add .gitlab-ci.yml
git commit -am "new page"
git push
.gitlab-ci.yml
pages:
stage: deploy
script:
- echo
artifacts:
paths:
- public
diff --git a/site.cfg b/site.cfg
index aefadb2..0243d27 100644
--- a/site.cfg
+++ b/site.cfg
@@ -8,10 +8,10 @@
#user: (not used - leave blank)
#password: (not used - leave blank)
# Configuration settings for MySQL
-#database: mysql
-#driver: dbi:mysql:database=hpr_hpr:hostname=localhost
-#user: hpr-generator (Suggested user with read-only privileges)
-#password: ********* (Password for user)
+database: mysql
+driver: dbi:mysql:database=hpr_hpr:hostname=mariadb
+user: root
+password: mysql
# Configure the location of the templates and the generated HTML
[app_paths]
@@ -25,7 +25,7 @@ output_path: ./public_html
[root_template]
content: page.tpl.html
#baseurl: OPTIONAL [i.e. file://<full path to local website directory>]
-baseurl: file:///home/roan/Development/hpr/website/hpr_generator/public_html/
+baseurl: https://norrist.gitlab.io/hpr_generator_build/
media_baseurl: https://archive.org/download/hpr$eps_id/
# Configure the navigation menu and the content templates for each page
Dissecting a COVID watch issued by Hong Kong Department of Health
Hosted by Bookewyrmm on 2023-03-28 is flagged as Clean and released under a CC-BY-SA license. device discovery, curiosity.
Listen in ogg,
spx,
or mp3 format. general. | Comments (0).
In December of 2022, I traveled to Hong Kong, at some point en-route
or in-country, I contracted covid.
Backing up a step in preparation for
the trip I was required to have a negative PCR before I could board
the plane from the US as well as proof of vaccination and at least
one booster shot.
Upon arrival, I was required to quarantine for 3 days as well as take a home test (referred to as RAT: Rapid Antigen Test, by the locals) every day for the first 7 days
On the 2nd full day in HK, I was required to take another clinical PCR provided at a health center, free of charge.
On the third day I received my PCR and RAT tests as Covid Positive.
By law I was now required to quarantine in my hotel until I tested negative on 2 consecutive days. Since my symptoms were very mild, a sniffle and low grade temp, merely 2-3 deg above normal, I could stay in the hotel and was not required to
transfer to a public health center.
I was also required to register the positive results with a government website. This registration kicked off a series of events, including a visit from a health representative. (he stood in the hall, I was not permitted to leave the room) I was Required to install an app on my phone called "Stay Home Safe'' and to wear a wristband that I presume was a GPS and possibly temp/pulse tracking device that connected to my phone by bluetooth. The agent installed the app, and synced the watch to it.
Hosted by Some Guy On The Internet on 2023-03-27 is flagged as Clean and released under a CC-BY-SA license. Oh No, News, Threat analysis, InfoSec, User space.
Listen in ogg,
spx,
or mp3 format. general. | Comments (1).
The Oh No! news.
Oh No! News, is Good
News.
Threat analysis; your attack surface.
TAGS: Malware, Phishing, Security Breach
GoDaddy, a Web Hosting Provider Hit Multiple Times by the
Same Group.
This month, GoDaddy, a leading web hosting provider, revealed that
it had experienced a major security breach over several years, resulting
in the theft of company source code, customer and employee login
credentials, and the introduction of malware onto customer
websites.
Major Security Breach: Spanning several years.
Data Breach:
Employee login credentials & customer data.
10-k
form Filled with the U.S. Securities and Exchange Commission.
Malware:
Compromising customer websites managed by GoDaddy.
Phishing Attacks: Exposed customer data including login credentials,
email addresses, and SSL private keys.
Chick-Fil-A Customers are Victims of a Data Breach.
Fast-food chain Chick-fil-A has issued a warning to customers
regarding a recent data security breach. The incident occurred between
Dec. 18, 2022 and Feb. 12, 2023, during which unauthorized parties
gained access to customer information, according to a statement posted
on the California Attorney General’s website on Tuesday.
Data Breach:
membership numbers, mobile pay numbers, QR codes, last 4 digits of
credit/debit card numbers, credits on Chick-fil-A accounts, birthdays,
phone numbers, and addresses.
New phishing campaign uses fake ChatGPT platform to scam
eager investors.
Bitdefender Antispam Labs confirmed that these scams initiate with
an email containing a link that directs users to a copycat version of
ChatGPT. The goal of this copycat version is to convince users that they
can earn as much as $10,000 per month on the duplicate ChatGPT
platform.
LassPass Security Incident Update and Recommended
Actions.
Major Security Breach: Spanning multiple years.
Data Breach:
Employee login credentials, source code & other intellectual
property, customer data.
Malware:
Attackers exploited third-party software to compromise company systems
by delivering a keylogger type malware.
InfoSec; the language of security.
TAGS: Information Security, Monitoring
Bitwarden flaw can let hackers steal passwords using
iframes.
Bitwarden highlights that the autofill feature is a potential risk
and even includes a prominent warning in its documentation,
specifically mentioning the likelihood of compromised sites abusing the
autofill feature to steal credentials.
Phishing: Sniff
credentials from a webpage HTML inline frame.
wikipedia:
An inline frame places another HTML document in a frame. Unlike an
<object /> element, an <iframe> can be the "target" frame
for links defined by other elements, and it can be selected by the user
agent as the focus for printing, viewing its source, and so on. The
content of the element is used as alternative text to be displayed if
the browser does not support inline frames. A separate document is
linked to a frame using the src attribute inside the <iframe />,
an inline HTML code is embedded to a frame using the srcdoc attribute
inside the <iframe /> element. First introduced by Microsoft
Internet Explorer in 1997, standardized in HTML 4.0 Transitional,
allowed in HTML5.
User space.
TAGS: Solutions, Services
Flathub’s Got Big Plans for 2023.
Developers are flocking to Flathub in droves, which means users are
too, and even Linux distributions (well, bar one) are getting in on the
action by making making it easier to install apps from Flathub with the
friction of setting things up using terminal commands or odd sounding
download files.
Flathub Beta site: Welcome
to Flathub, the home of hundreds of apps which can be easily installed
on any Linux distribution. Browse the apps online, from your app center
or the command line.
How I first got started with Computer Strategy Games
Hosted by Ahuka on 2023-03-24 is flagged as Clean and released under a CC-BY-SA license. Computer games, strategy games, Civilization.
Listen in ogg,
spx,
or mp3 format. general. | Comments (0).
This starts out the series on Computer Strategy Games, and we begin
with the game that got me hooked, the first Civilization game created by
Sid Meier and published by Microprose. Though it is pretty old now, it
is still fond in my heart, and in the hearts of so many other gamers. If
this comes across as a love letter, so be it. We will also in this
series look at where you can obtain old games, and where you can find
more information about the games I cover.
I explain how I assigned different functions to the spare buttons on my trackball mice.
Hosted by Jon Kulp on 2023-03-23 is flagged as Clean and released under a CC-BY-SA license. Linux configuration, tips and tricks, mouse configuration, keymapping.
Listen in ogg,
spx,
or mp3 format. general. | Comments (0).
Remapping Mouse Buttons with XBindKeys on Linux
After a really long time of not bothering to figure out how to do this, I finally did some research and found out how to remap the extra buttons on my Kensington Expert mouse and my Logitech marble trackball mouse in a Linux environment. The tools it needed were xvkbd, xdotool, and xbindkeys. I already had the first two installed, but had never used xbindkeys before. I also used xev to identify the button numbers and key numbers.
The Kensington Expert Mouse is one that I've had for about 15 years, and it was fairly expensive when I bought it, something like $75 or $80. It has four large buttons with a large trackball in the middle and a scroll wheel going around the track ball. I bought it at a time when I was doing a lot of graphic work that required clicking and dragging and double-clicking and stuff like that. If you're using it in a Mac or Windows environment, there is a special configuration tool that you can use to set it up just how you want. I had always configured it so that the upper left and upper right buttons were used for double-clicking and click dragging. This helped reduce a lot of strain on my hands. I have never gotten this to work on Linux, though, until today.
If you want to do this yourself, the first thing to do is make sure you have these packages installed: xvkbd, xdotool, and xbindkeys.
Then create a configuration file in your home directory:
~/.xbindkeysrc
In order to map the upper left button to "double click," and the upper right button to "click and drag," I added these lines to the configuration file:
On my desktop computer I have a Logitech marble trackball mouse, and it has two small keys that are assigned to back and forward by default. This can be handy for navigating file managers and web pages, but I wanted them to be assigned to "page up" and "page down" (to make up for the lack of a scroll wheel on the mouse). Here is the configuration file for that machine:
I suppose I could have used xdotool for this configuration file as well, but for reasons I can't remember now, I tried xvkbd first and it worked, so I did not experiment further. I used xdotool for the Kensington because xvkbd did not have a way to perform virtual mouse clicks.
Hosted by Brian in Ohio on 2023-03-22 is flagged as Clean and released under a CC-BY-SA license. z80, forth, retrocomputer.
Listen in ogg,
spx,
or mp3 format. general. | Comments (0).
nop redux
This is the updated code
-logicprobe
marker -logicprobe
variable Compare
variable Count
$23 constant PINB
$24 constant DDRB
$25 constant PORTB
$100 constant PINH
$101 constant DDRH
$102 constant PORTH
$a0 constant TCCR4A
$a1 constant TCCR4B
$a8 constant OCR4A
$b0 constant TCCR2A
$b1 constant TCCR2B
$b3 constant OCR2A
$2c constant PINE
$2d constant DDRE
$2e constant PORTE
$6a constant EICRB
$3d constant EIMSK
: ext4.irq ( -- ) Count @ 1+ Count ! ;i
: logicprobe.init ( -- )
\ tone generatoed through timer2
%0001.0000 DDRB mset \ d10, pb4
%0100.0010 TCCR2A c! \ use OC2A, ctc mode
$ff OCR2A c! \ compare falue
%0 DDRE c! \ e input
%0000.0010 EICRB mset \ falling edge
['] ext4.irq #6 int! \ attach interrupt
;
\ helper words
: open.gate ( -- ) 0 Count ! %0001.0000 EIMSK mset ;
: close.gate ( -- ) %0001.0000 EIMSK mclr ;
\ tone stuff
: high.tone ( -- ) %0000.0100 TCCR2B c! 750 ms 0 TCCR2B c! ;
: low.tone ( -- ) %0000.0110 TCCR2B c! 750 ms 0 TCCR2B c! ;
: alt.tone ( -- )
3 for
%0000.0100 TCCR2B c! 150 ms 0 TCCR2B c!
150 ms
%0000.0110 TCCR2B c! 150 ms 0 TCCR2B c!
150 ms
next
;
: process.data ( -- )
Count @ 1-
Count !
Count @ 0 > if
\ cr ." freq=" 10 * .
cr ." pulse"
alt.tone \ sound output
else
%0001.0000 PINE mtst if
cr ." high"
high.tone \ sound output
else
cr ." low"
low.tone \ sound output
then then
;
: wait 100 ms ;
: sample ( -- ) open.gate wait close.gate process.data ;
\ words called at the forth command line to do the test
demo tones
low.tone
high.tone
alt.tone
the test
sample \ a stop clocked
start.clock
sample
a0 line
sample
stop.clock and sample a0
stop.clock
sample
reset the z80 and single step probing the m1 signal
Hosted by Some Guy On The Internet on 2023-03-21 is flagged as Clean and released under a CC-BY-SA license. "Oh No, News", Data Breaches, Crypto Schemes, Packaging Defaults.
Listen in ogg,
spx,
or mp3 format. general. | Comments (0).
sec:
On January 5, 2023, - T-Mobile Discloses Data Breach Affecting 37
Million Customers.
On January 5, 2023, T-Mobile US, Inc. identified that a bad actor
was obtaining data through a single Application Programming Interface
(“API”) without authorization.
bleepingcomputer:
TruthFinder, Instant Checkmate confirm data breach affecting 20M
customers.
truthfinder:
2019 Account List Data Security Incident.
"We learned recently that a list, including name, email, telephone
number in some instances, as well as securely encrypted passwords and
expired and inactive password reset tokens, of Instant Checkmate
subscribers was being discussed and made available in an online forum.
We have confirmed that the list was created several years ago and
appears to include all customer accounts created between 2011 and 2019.
The published list originated inside our company."
sec:
SEC Charges NBA Hall of Famer Paul Pierce for Unlawfully Touting and
Making Misleading Statements about Crypto Security.
The Securities and Exchange Commission today announced charges
against former NBA player Paul Pierce for touting EMAX tokens, crypto
asset securities offered and sold by EthereumMax, on social media
without disclosing the payment he received for the promotion and for
making false and misleading promotional statements about the same crypto
asset. Pierce agreed to settle the charges and pay $1.409 million in
penalties, disgorgement, and interest.
sec:
SEC Charges Terraform and CEO Do Kwon with Defrauding Investors in
Crypto Schemes.
The Securities and Exchange Commission today charged Singapore-based
Terraform Labs PTE Ltd and Do Hyeong Kwon with orchestrating a
multi-billion dollar crypto asset securities fraud involving an
algorithmic stablecoin and other crypto asset securities.
To maintain this focus while also providing user choice, Ubuntu and
its flavors consider debs and snaps the default experience. Users have
the freedom of choice to get their software from other sources,
including Flatpak. A way to install these alternatives is, and will
continue to be, available for installation from the Ubuntu archive with
a simple command.
U.S. Securities and Exchange Commission (2023, February 17). SEC
Charges NBA Hall of Famer Paul Pierce for Unlawfully Touting and Making
Misleading Statements about Crypto Security. SEC. https://www.sec.gov/news/press-release/2023-34
U.S. Securities and Exchange Commission (2023, February 16). SEC
Charges Terraform and CEO Do Kwon with Defrauding Investors in Crypto
Schemes. SEC. https://www.sec.gov/news/press-release/2023-32
find or buy materials: duct or gorilla tape, trashed computer dvd
or cd drive, 20 18650 cells, molex connectors(you can also use barrel
jacks or whatever you want to transfer power), wire and maybe 'tab wire'
https://nl.aliexpress.com/item/32650006768.html
solder everything together as per schematic and pictures (there
is theoretically a danger in soldering cells, but I have never had a
problem. Have a pair of pliers and a nearby window handy to throw them
out of if anything goes wrong)
wrap in cardboard and tape as per pictures
add the cd/dvd drive lids(if you taped well you won't short
anything and burn your house down
tape dvd lids to battery
Getting into the battery for maintenance just requires a utility
knife.
Hear about the Uniscope 300 mainframe terminal from 1964.
Hosted by Deltaray on 2023-03-17 is flagged as Clean and released under a CC-BY-SA license. computer history,terminals.
Listen in ogg,
spx,
or mp3 format. general. | Comments (2).
In the early days of computing, the computing power was kept in centralized large mainframes and users would connect to them via so called "dumb" terminals. These often provided their output through a printer and continuous feed of paper. However in 1964 UNIVAC introduced the Uniscope 300, which was one of the first terminals to provide a video monitor for display. With the introduction of this system came the introduction of several concepts that we take for granted today and they are described during the reading of this brochure.
As I mention in the episode, $15,000 USD in 1964 is worth considerably more today, according to an online inflation calculator it is now worth approximately $144,000 today. So even if that was for 48 terminals as it seems to mention in the hand written note, that might equate to about $3000 per terminal in 2023 dollars.