interesting advice. Thanks!

I do not see that as phone-usage, I'm doing an experiment to see how easy / difficult it is to revert the "i need to know the time, so I grab my phone" reflex back to "I need to know the time, so I look at my wrist".

I'm currently reading some books on how easy it is to manipulate peoples behaviour using 'nudging', this to better understand the social engineering tricks used by hackers.

An chapter in one of these books in how social media use tricks to manupale our behaviour that resemble the tricks used by the gambling industry.

One of the things I find intriging is the size of a smartphones today. If you look at it objectively, they are actually so large that most people would consider it to be annoyting: you have to carry it in a bag, in a pocket of your pants -but you have to take your phone out when you want sit-, or ..you carry it in your hands. Have you noticed how many people have their smartphone in their hand when they walk around? But, of course, if you have something in your hand, it is very easy to open it quickly check your notifications; which reinforces the addiction.

So, that's the thing. People do not find it annoying.

So .. as an experiment, I am trying out how easy / difficult it is to break the habbit.

A small sidenote when (or if) I manage to get my garmin vivosmart HR charges, it does rapport activity per week, number of steps and number of floors I went up on foot per day, even without a smartphone app. So that's at least something :-)

One of the reasons I am looking for a new sportswatch is because I try to reduce my smartphone use and I noticed that I actually took out my smartphone just to check the time.

I have an old garmin vivosmart HR but I do have a problem with the charging cable. Plus I am not able to download the healthstats with my linux 'daily driver' laptop.

Perhaps I should just get a cheap regular watch somewhere? 🤔

I don't. I thought the emoji would have made that clear.

I have been doing cybersecurity awareness lately. We are starting to get over the furst hurdle: make people see the signatures of phishing message. But now we are starting with the 2nd hurdle: make people understand that when they write a genuine post, they should avoid these signatures of phishing, in this case, the "time pressure" argument.

The problem is that the more genuine messages have phising signatures, to more difficult it becomes for people to distinguish a genuine posts from phishing. There is also the risk that you genuine posts will get noted as fake (although that is clearly not the case here :-) )

ah .. currently not available :-/

ah. That looks very interesting. And they have a show here in the EU, and it seems to work with gadgetbridge (thx Lambda RX :-))

Thanks!

my daily driver is a ubuntu laptop so I was first thinking about that, but now that you mention a mobile app, ..yes. that would be nice too.

thanks for the food for thought :-)

A URL 'Free up to some-end-date'. ???

Phishing link? 🤔

Hum , interesting point. If you are a hacker, would you not prefer software to be spread out everywhere so people would be even more confused what is the real source for some application?

I guess people would then just depend on their search engine

Well, in principe I do not see that much different between 'curl | bash', 'sudo apt-get install' or installing an app on your phone. In the end, it all depends on trust.

Considering how complex software has become and on how many libraries from all over the internet any application that does more then 'hello world' depend, I do not see how you can do if you are not prepared to put blind trust into some things.

Concerning CrowdStrike, I am just reading an book on human behaviour (very interesting for everybody who is interested in cybersecurity), and I am just on the chapter about the fear of deciding with unknown parameters vs. the fear of not deciding at all. Any piece of software will brake at some point, so will you wait forever to find something that will not have any vulnerabilities?

Obtainium seems to have a very interesting take on this. Thanks for the link! I will check it out 👍

The problem is here is this: how is a user supposted to know if the official website of an application is organicmaps.app, organic-maps.app, organicmaps.org or github.com/organicmaps?

And even if she/he knows, hackers do ways to make you look the other way. The funny thing in this case is that the original author complained that the app was removed from google playstore, and did so on the fosstodon mastodon-server. Although I guess this was not at planned, he made the almost perfect social-engineering post. :-)

One of the basic elements of a democracy are three branches. In fact, democracy is an inherent instable system where these three branches must keep eachother in check. A natural concequence thereof is that every one of these three branches has the right to conduct and lead investigations.

That the courts can act proactive or reactive is more a cultural element then a core element of democracy. There are quite some countries where judges are part of the investigative process and can unilateral.

As Brazil, as a number of other countries in Latin America, has been in the situation in the past that both the gouvernement and the parlement are controlled by people with a .. euh .. not so good reputation on their democratic values, a judicial branch that acts in a more proactive manner should not be that IMHO unexptected.

Here there are two issues: free speech and the judicial system in Brasil. I'll reply to the later in a different mail.

The freedom of speech is the result of democracy. No democracy, no freedom of speech. It is also inherent part of the democractic process.

On the other hand, it is not the only element of a democracy. and it can also be used against these other elements?

My question to you: can you use a fundamental freedom, granted to you by the fact you line in a democracy, to attack democracy?

Big international companies have no problem to create pseudo "national" versions of services if they can make more money with it.

So there should not be a problem for the social media companies to create versions that meets local legislation.

If you create a product and want to sell it in a certain market, you must also adhere to the laws of that country/region.

Protection of citizens against unjust ruling by a court is a protection-principle of democrary.

Why would you grant such a protection to an organisation aimed at destroying democracy (X/twitter)?

Hi,

Just to put things into perspective.

Well, this example dates from some years ago, before LLMs and ChatGPT. But I agree that the principle is the same. (an that was exactly my point).

If you analyse this. The error the person made was that he assumed an arduino to be like a PC, .. while it is not. An arduino is a microcontroller. The difference is that a microcontroller has resources that are limited: pins, hardware interrups, timers, .. An addition, pins can be reconfigured for different functions (GPIO, UART, SPI, I2C, PWM, ...) Also, a microcontroller of the arduino-class does not run a RTOS, so is coded in "baremetal". And as there is no operating-system that does resource-management for you, you have to do it the application.

And that was the problem: Although resource-management is responsability of the application-programmer, the arduino environment has largly pushed that off the libraries. The libraries configure the ports in the correct mode, set up timers and interrupts, configure I/O devices, ...And in the end, this is where things went wrong. So, in essence, what happened is the programmer made assumption based on the illusion created by the libraries: writing application on arduino is just like using a library on a unix-box. (which is not correct)

That is why I have become carefull to promote tools that make things to easy, that are to good at hiding the complexity of things. Unless they are really dummy-proof after years and decades of use, you have to be very carefull not to create assumptions that are simply not true.

I am not saying LLMs are by definition bad. I am just careful about the assumptions they can create.

As a sidenote. This reminds me of a discussion I haver every so often on "tools that make things to easy".

There is something I call "the arduino effect:. People who write code for things, based on example-code they find left and right, and all kind of libraries they mix together. It all works .. for as long as it works. The problem is what happens if things do not work.

I once helped out somebody who had an issue with a simple project: he: "I don't understand it. I have this sensor, and this library.. and it works. Then I have this 433 MHz radio-module with that library and that also works. But when I use them together. It doesn't work"| me: what have you tried? he: well, looked at the libraries. They all are all. Reinstalled all the software. It's that neither me: could it be that these two boards use the same hardware interrupt or the same timer he: the what ???

I see simular issues with other platforms. GNU Radio is a another nice example. People mix blocks without knowing what exactly they do.

As said, this is all very nice, as long as it works

I wonder if programming-code generated by LLMs will not result in the same kind of problems. people who do not have the background knowledge needed to troubleshoot issues once problems become more complex.

(Just a thought / question .. not an assumpion)

To be honest, I have no personal experience with LLM (kind of boring, if you ask me). I know do have two collegues at work who tried them. One -who has very basic coding skills (dixit himself) - is very happy. The other -who has much more coding experience- says that his test show they are only good at very basic problems. Once things become more complex, they fail very quickly.

I just fear that, the result could be that -if LLMs can be used to provide same code of any project- open-source project will spend even less time writing documentation ("the boring work")

Hmmm .. 🤔 The best way not to make friends with somebody with over 30 years of coding experience: suggest him to use ChatGPT to write a computerprogram 🤣🤣

Wauw! So many answers in such a short time. Thanks all! 👍 (I will not spam the channel by sending a thank you to all but this is really greatly apriciated)

Concerning ncurses. I did hear of it but never looked at it myself. What is not completely clear for me. I know you can use it for 'low-level' things, but does it also include 'high-level' concepts like windows, input fields and so?

The blog mentioned in one of the other posts only shows low-level things.

No apps at all ???

So it really is like a dumb terminal. Now I know why I never used a Chromebook😀

Sounds like a money laundering sceme!

As I mentioned earlier, I guess chrome is more like android where you have a much more strict seperation between the OS, applications and user data. (I remember reading about all the different partitions on android and what they are used for, but I should bruch up my knowledge on this).

Thanks for the additional into on brtfs! 👍

Just watched some videos on btrfs. I start to understand the conceps. Perhaps I should also look into how exactly

On windows and the "recovery partion". I guess what you say is that it should always be possiblity to boot in some kind of system, but it will not happen automatically as there is no way for a system to detect that the system completely hangs.

Thinking about it. It kind of strange. Embedded systems have watchdog interrupts that get fired if the system hangs (i.e. if it does not provide a "yes, I still live" signal every "x" milliseconds). Does a PC not have something similar?

just watched some videos on btrfs. Looks interesting indeed. I will look into it and perhaps do a test-installation and see how it goes.

Thanks for the info

OK. That makes a lot more sense.

Thank you for correcting the original post. 👍

Yes, that was indeed the question.

If I read it correct, you need a specialised distro for this. You cannot do this on a off-the-shelf Debian or Ubuntu?

I'll do some searching on 'unmutable Linux'. Thanks for the (very quick) answer! 😀

Concerning linux, yesterday I was watching this video on computerphile on the crowdstrike incident. https://www.youtube.com/watch?v=rlaNMJeA1EA (*)

What is interesting is the comment made in the video on how chromebooks do software upgrades with dual "OS" disk-partitions and the ability to rollback to the previous OS-partition.

Question: is something like this also possible on one of the major linux distros? (debian, ubuntu, rocky, ...) What would be the procedure to do this kind of "dual partition" system-upgrade?

(*) a great video that explained some of the technical details in a very clear way, including some very interesting 'lessons learned' and "what if"s If you ever need to explain crowdstrike to your manager, this video is a good start.

This is a typical mail a phishing campaign would send out, and we have already said to people "never believe this kind of messages. They are all fake.

Now, if a genuine company sends out mails with a genuine gift-cards (what the article on techcrunch seems to indicate) .. this is NOT helpfull at all!!!

And that comming from a cybersecurity company (rolling-eyes)

First .. thanks all for replying. Sorry for the late reply. .. know you .. summer .. holiday .. :-)

Yes, that was indded my question. Some objective and scientific research into this. Interesting reading. Thanks.

My idea was kind-of the result of what we see in cybersecurity: What we are seeing is that with AI disinformation has become so easy and cheap, and also easy to automate. Can we assume a senario where desinformation -like phishing moving into the area of spear phising- is becoming personal.

Just wondering. Certain social media have a feature 'remember, x years ago, you took part in this event' (with some photo's you shared about that event)' What would happen if you start feeding people false information? Or semi-fake information? Including posts by other people?

I agree. Getting people to believe they took part in <some event> x years ago might not be easy. But can you get people to question certain secundairy elements. "Did I really meet <some person> during <some event> 4 years ago?"

I wonder. How many people rely on their own memories what they did in the fast? And how many rely on what the photos in their smartphone and/or social media account tell them?

Kr.

Well, for some time now, I have this question in the back of my mind: is cyberpunk still the future or has it become reality.

The photo-album on our smartphone has become our individual memory, stored on somebody else's computer ("the cloud"). Our photos on social media have become our collective memory, which determines how other people interact with us, based on algorithms controlled others.

In 2024, is your memory still your own memory?

I run OpenRTX on a Retevis RT3s, which can be done without any hardware modification. (I do not know if original firmware is available somewhere -I have not checked-. If that is the case, it should be possible to reflash the stock firmware on the device).

Anycase, I must say that M17 does not run correctly on that radio. There seems to be an issue that the first 300 ms or so of the transmission is not correctly modulated (something related to the FM modulator) and also the end of the transmission is broken of halfway the end-of-transmission frame.

I am currenly at the stage of trying to understand how OpenRTX really works, and my first idea is to implement POCSAG-paging into it. (As I have the source-code for that here anyway) and I also have some ideas for APRS to want to delve in.

(OK, that is, if I have some time left next to all the other stuff I am working on :-) ).

73 kristoff - ON1ARF

Onno,

The reason I added the cfp was to show that it is not a pure technical conference like FOSDEM or GRCON. We added a non-technical part and did that on purpose. In a way, our goal is to try to start a discussion on "how do we see the amateurradio hobby in the post-dinosaur era?"

Looking at a distance, we see a number of different evolutions:

• amateurradio is slowly starting to invert the "buy-and-use" attitude we have seen the last 20 to 30 years. Your remark on the opensourcing the firmware of radios fit into that, as does OpenRTX and similar projects.
• We also see more and more an overlap of amateurradio with other communities, like the makers, developers (think FOSDEM), SDR-experts (think GNU Radio), IoT nerds, infosecurity people, science, etc. I get the impression that these communities start to understand the value of amateurradio as a technical / scientific hobby, which is probably related to the fact that radio/wireless communication technology has become part of almost any field of technology.
• A 3th element is that the organisational structure of amateurradio is changing. The vast amount of subfields of amateurradio has shown the limits of the hierarchical 'IARU - IARU Region - National radio-society - local radioclub' structure. Using the internet (mailing-lists, webforums. telegram-groups, discord channels, matrix rooms, ...) radioamateurs with similar interests have set up virtual communities that live next to the local radioclubs.

So, in essence, we kind-of see a return of amateurradio to a 'I-want-to-know-how-it-works / experimenter / challenges' hobby, probably by the evolution of radio-technology and the 'competion' with other scienfic and technical hobbies. In my personal opinion, that is surely a good thing.

But, to get there, there are -as I see it- two big issues:

• Knowledge. Most (technically minded) radio-amateurs have a background in standard electronics, or in 'building systems'.

To return to your call for opensource firmware for radios, having access to the source-code is one thing, but actually understanding it and having the knowledge to modify or enhance it does require quite different knowledge that 'standard' analog electronics. You need knowledge of SDR and signal-processing techniques -which are much more based on math that standard electronics- plus possibly some HDL to program the FPGA and C/C++/rust for the RTOS that runs on the microcontroller inside the FPGA. Modern radio-communication equipement requires a much larger scale of knowledge then the radio-technology of 20 to 30 years ago that is the basis of the amateurradio exams (and hence courses).

Now, I see two ways to fix this:

1. Work on the knowledge-level of the amateurradio community by new and better courses that include modern radio-technology.
2. Pull in people from communities (see point 2 above) into amateurradio.

• Option 2 above looks for me the most easy option, but it does hit another big issue: how make the current amateurradio community (especially the local clubs) ready to receive these new people.

When I am at an infostand on amateurradio at -say- FOSDEM or a Makerfaire, or you meet somebody at a infosecurity conference, the most difficult question you usually have is this: "wauw. That amateurradio hobby does look interesting. How do I begin? Where do I need to go?"

I've had people at FOSDEM who said "I once went to the local radioclub in my city as I wanted some help on setting up a mesh network in my cities, so I thought that the radioamateur guys might be able to help me. There where just some old men and the only reply I got was that that is no real radio". I've come to a point where I sometimes advice people to go to their local hackerspace and see if there are no hams overthere, instead of sending them to a radioclub.

As said, there are now these communities inside the amateurradio hobby who kind-of operate next to the local clubs, but in the end, you do still need a club for certain things -like courses, or doing an exam- and being in a local club does also include things like a local fieldday or taking part in a contest or so.

Europe has the advantage -compaired to Australie- of having a larger population concentrated in a smaller area. For us, a conference is a good option to try to advance the hobby that way. I guess that, in the end, everybody has to find out what he/she can do.

73 kristoff - ON1ARF

(Posted this as a seperate message so not to mix multiple subjects)

As you mention "microcontrollers in the signal-chain of a transceiver", I am currently looking into OpenRTX.

It is really a very nice example of exactly what you mention and something that has become possible to last 1 to 2 years. With these radios that support opensource firmware, It really has allowed amateurs a look of what is inside of the firmware of a "commercial-grade" handheld radio.

Two weeks ago, I helped out in an infobooth on Amateurradio at a makerfaire here in Belgium. Things like OpenRTX allow to explain to IT-people (who normally only work on computers) how "embedded software" works, how software that runs in devices we use everyday operates. In that sense, FOSS is as much an educational tool as it is "just a piece of code that does something".

Kristoff (ON1ARF)

I completely agree with your remarks.

For people who are interested in opensource and amateurradio, I propose you have a look at the conferences on that topic.

Overhere in Europe, there are two of them

• FOSDEM ("Free and Open Source Developers European Meeting") is a yearly event held in Brussels every 1st weekend of February. In the 2024 edition, there was a devroom ("developers room") on SDR and Amateur-radio. https://fosdem.org/2024/schedule/track/radio/

The videos of the talks are online. I propose to have a look at the talks on M17 and on OpenRTX.(*) Also open source hardware is becoming more interesting.

• Next september, we will be hosting "spectrum24", a new conference on "novel ways to use the spectrum we -as citizens- are able to use. It puts a lot of emphesis on Open-source as yes, most -if not all- of the new projects coming out in amateur-radio are open source.

For this conference, we are at the "cfp" (Call for Presentations) stage. See here: https://spectrum-conference.org/24/cfp

I know that Europe is the opposite side of the globe for you in Autralia. Perhaps there are similar events on your side of the world.

Kristoff (ON1ARF)

That is valid .. in peace-time when everybody accepts that.

The problem is that the reality is a lot complex. Open source only exists, because of the open source licenses. The open source licenses are only valid, because of the copyright legislation. That legislation is only valid, .. because the nation-state has determined it is valid.

Consider a scenario where a nation-state (whatever state that may be, just making a general starement here) decides that for sectors it conciders critical for the state, it -or companies that act on its behalve- are allowrd to use / copy / enclose whatever open source technology they want without being subject to the requirements that come with the opensource license. So they can use whatever open source technology they want but they do not have to return anything to it. They can even use it in closed products.

How do you propose to handle such a scenario?

Kr.

Yes, that's a very useful idea. Thanks!

If you get your domain from OVH, you get one single mailbox (be it with a lot of aliases, like a different email-address for every service/website you use) for free.

What is your 'deleted files' policy? How long do you keep them? I had a similar issue but then found out that the nextcloud cron-process wasn't running so files in the 'deleted files' folder where never really deleted.