OpenFan – A DIY Open-Source PC Fan Controller for up to 10 Individually Controlled Fans
https://void.cat/d/D5dzTCg57rip8oop3VidS.webp
This is quite a nice project, but is not an off the shelf solution. Most folks may get by quite well with the 4 or so fans that a PC can already control, but if you need this level of granular control for up to 10 fans, this project may be for you.
It is also open-source hardware, and a lot of thought went into how it can easily connect inside the case. The video he published does explain it very well.
I see the board has place for external temperature sensors to be added, which he does not seem to be using yet, and of course, the other big thing is the automation by 3rd party software to manage it.
That all said, the project appears to have been published only about 4 days back, so there may be a lot more contributions that will still be made to this project.
See https://sasakaranovic.com/projects/openfan-controller/
#technology #fans #cooling #opensource
How To Protect SSH login with Fail2Ban: A Beginner’s Guide
https://void.cat/d/XwUMtx2ANhnmDreJuePb5y.webp
If you have not set your Linux server/VPS (or workstation if you have the SSH service running) for public key authentication only (way quicker and more secure for later use), then this guide may be really useful. It is one of the easier-to-follow ones that I have seen.
It will help put in place a really basic and essential protection that any Linux server should have. Fail2Ban is a vigilant sentry for your servers. It is one of the most effective shields against unauthorized access attempts, especially brute force.
One of its most valuable things is it acts proactive. In other words, instead of waiting for an attack, Fail2Ban offers an approach by identifying and blocking potential threats in real time. The beauty of Fail2Ban lies in its simplicity and adaptability. Moreover, it is light on resources, so it doesn’t burden your server’s performance.
For any of my servers, straight after changing the admin password, the Fail2Ban service is the immediate next step on my list to activate.
See https://linuxiac.com/how-to-protect-ssh-with-fail2ban/
#technology #hosting #security
WordPress.com owner buys all-in-one messaging app Texts.com for $50M
https://void.cat/d/JLyW61XwMoq4MpeGwRnMcW.webp
The app brings all your messaging apps together in a single dashboard, including iMessage, Slack, WhatsApp, Instagram, Telegram, Messenger, LinkedIn, Signal, Discord and X, with plans for more in the future, a company blog post announced.
Though other companies have tried to do something similar — like Beeper — Texts.com offers end-to-end encryption of your chats and other features users have always wanted, like the ability to schedule messages at a time that’s convenient for the recipient, not just for you. In addition, you can mark messages as unread even on services that don’t offer that feature, allowing you to remember to check that message again when you return, as well as get summaries of long group chats you’ve missed.
It is certainly a similar approach to Beeper, but different. Beeper dropped their charge per month whilst this service is still $15 pm. The service has iMessage but only on macOS - whilst Beeper offers iMessage across all platforms. However, that is another difference in that Beeper does break the E2EE for iMessage, with that virtual Mac in the middle, which you have the password to.
Beeper also includes full iMessage use on Windows, Linux, and Android phones, and also has Google Chat and Google Messages (SMS/RCS). The other services are the same minus IRC.
Right now they support iMessage (only on macOS), SMS (with iMessage), WhatsApp, Telegram, Signal, Messenger, Twitter, Instagram, LinkedIn, IRC (IRC is really interesting!), Slack and Discord DMs. Texts app runs on macOS, Windows and Linux. Texts for iOS is under development and Android is on the roadmap.
I'm not sure how they're doing Signal and WhatsApp still with the E2EE intact. They mention an in-house Texts Platform SDK for the integration, but unless they are independently audited, or their code is open, we can only take their word for the full E2EE. Their privacy policy does state, however: "The App also preserves end-to-end encryption of your messages if supported by your Messaging Service". Maybe WhatsApp and Signal don't support this? I do think that Beeper was a lot more forthcoming about exactly how they manage each service. They also say your messages don't touch their servers - that implies everything is in the client app i.e. a 3rd party WhatsApp inside the Texts app. But it also means no iMessage at all then for Android or non-macOS platforms.
Whilst we have no real approved global open messaging standard (no, not SMS as no encryption at all), and whilst the likes of Tim Cook insist on their own walled garden for iMessage (they could have just included Android iMessage apps) we're going to have lots of disconnected messaging services. So, it is still good to see more options like this appearing, as clearly users do want to integrate their messaging more. The fact is, the whole world is just not going to be on one messaging service.
#technology #interoperability #messaging
Do VPNs Hide Data Usage from ISPs or Cellular Carriers? Yes, but they're no Magic Bullet
https://void.cat/d/JBFXFPJY7SSJgJaA6Xu7qw.webp
Too many people think just running a VPN will solve all privacy, security, malware, etc problems. A VPN only really does two or three things:
* Gets you an IP address that is somewhere else and not associated with your ISP or carrier provided address.
* It cuts out any snooping by your carrier or ISP, as well as any person-in-the-middle attacks, e.g. at a public Wi-Fi area.
* Can bypass any traffic throttling an ISP may have for specific protocols, for example on torrent traffic, or a specific website such as Netflix. But this also means losing any potential data-free allocations, such as for some gov or educational websites.
But it is probably important to note all the things it is not protecting you against:
* Visiting suspect sites that maybe install a key logger or other malware - both ends of a VPN are open.
* Clicking on links in e-mail that install malware, Trojans, etc that sniff your passwords or infect your device.
* The information you provide to every website you visit. Your browser fingerprint still ties that browser to where you use it across different sites.
* Most free/basic VPNs will also not unlock geographic blocks for many entertainment streaming services, nor may they be doing aggressive ad blocking.
* They can be overall slower than not using a VPN as there is an overhead to encrypting all traffic.
* You can't bypass your ISP or carrier's data cap restrictions as all traffic still counts as data usage.
* It may not be usable from inside some organisations where VPN traffic is being blocked, and it can be a give away in some countries such as China or Russia where the use of VPNs may be banned.
* Many VPN providers do not log activity, but a lot of the free ones may be recording and logging what you do (or inserting ads into your traffic).
So, it really depends on why you'd want to use a VPN e.g. bypass geo-blocking for media streaming, bypass country censorship, be more secure on a public Wi-Fi network, etc. For example, for country censorship, Tor browser and Signal messenger have toggles you can activate which use special servers and can make the traffic look more like normal web traffic.
So, whilst VPNs may help hide activity from your carrier and ISP, it is only one part of a privacy and security solution as you need to secure your device itself, as well as your browser and extensions, your DNS provider, and be careful of what information you provide to websites. Unique passwords and proper 2FA (not via mobile phone number) are also essential.
Privacy and security are not really protecting you from your own government as they should already know who you are, where you work, what health conditions you have, how much you get paid, where you live, and much more. It is more about those who want to sell your behaviour analytics to advertisers and data brokers, and even worse, those who want the information for identity theft purposes.
The human is still the weakest link in most cybersecurity threat chains, and it is not always about your personal finances, but often a way to leverage into an organisation which is way more attractive to threat actors.
See https://www.howtogeek.com/do-vpns-hide-data-usage-from-isps-or-cellular-carriers/
#technology #VPN #privacy
What Are Google Play System Updates on Android, and Are They Important? And Why You Need to Check Them
https://void.cat/d/D27ekrToFBfYhw8UZRm1ro.webp
Google Play System Updates mainly address security issues, but they aren't the same as the monthly security patches. Both are responsible for different things. All devices with Android 10 and higher can get a Google Play Security Update, regardless of whether they have the latest security patches.
A good example of where Google Play System Updates could have helped was the Stagefright security bug in 2015. Stagefright was an attack on a multimedia player component in Android. The media framework is one of the 12 components that can be updated through Google Play System Updates. Many devices were never patched to protect against Stagefright because it required a firmware update.
The thing that bugs me about Android, and Windows, is that unlike Linux that runs an update and updates everything in one go, it seems that the Play System updates need to be checked and run, and with Windows it only checks after than application is run. Android does a similar thing where it seems to stop checking for updates to an app, if you have not run it recently.
We really need OS's to check the operating system and all apps for needed updates.
The other thing with Play System updates is, they queue up if you have not updated, so you may need to run the check a 2nd or a 3rd time until it says there are no new updates.
#technology #Android #updates
12 best casual games on Android in 2023 - Unwind with these creative casual games
https://void.cat/d/HM1qhLC1aHaRx9aoQidRpe.webp
Casual Android games are the perfect way to kick back after a long day at work. From atmospheric puzzle games like Monument Valley to creative sandboxes like Townscaper, these games offer relaxing and satisfying experiences. There's a considerable amount of variety, too, so you don't need to worry about playing the same game repeatedly.
Sometimes you just want something to while away some time, without having to tax your brain or think too deeply about the game (a bit like why I play Snowrunner). I'd rather do this than doom-scroll through TikTok, Facebook, Instagram, etc.
See https://www.androidpolice.com/best-casual-games-android/#usagi-shima
#technology #Android #gaming #relaxing
Our ancestors did have pocket sized music players in the 1920s - They just required some assembly
https://void.cat/d/JVBWFWgcWofLH3vwwndwdh.webp
I grew up in the era of having 78 RPM and 33 1/3 RPM records, but never saw one of these at all. The first pocket sized player I saw was a Sony Walkman which used the C90 cassette tapes.
This device is certainly super portable (before amplifiers were around) but does require a few minutes of careful assembly. It looks like that is a full size 33 1/3 RPM record, but I'm wondering how much weight presses down on the needle. Of course, back then the needles, and records, were a lot tougher than in the 1960s and 1970s, where stylus arms were better balanced for lighter weight and better tracking.
Of course, it still works are nearly 100 years, and will even work in South Africa without any electricity required during load shedding. Yes, it's also true that being clockwork, it probably even plays underwater! I'm really doubting that much of our technology in 2023 will be playing as-is in 2123.
See https://hackaday.com/2023/10/23/is-that-a-record-player-in-your-pocket-or/
#technology #vintage #recordplayer
Exercise bike inspired by Ukraine war provides backup power during emergencies but why not anytime
https://m.primal.net/HOEg.webp
The exercise bike, dubbed HR Bank, was designed to provide urban dwellers with a reliable source of clean energy, but, perhaps more importantly, also for those in need of power during emergencies like natural disasters or wars.
“Our idea was that a person who bought an HR bank could not only use it as an external battery, charged from the sun or the grid, but in the absence of an external power source, could generate energy by pedalling,” said CEO Jonas Navickas.
A lot of thought has gone into this design with it not only being portable, but also storing a very useful 2kWh of power. Pedalling is not its only source of energy as it can also charge from the grid, car batteries, solar or wind power.
It is not only a clean source of power, but pedalling daily on it will help keep its owner fitter and healthier too.
The downside probably is the price of around €3,000 but I suppose you have to factor in it is a very useful battery storage, an exercise bike, and an emergency generator all rolled into one (saving some space too).
#technology #emergencypower #batteries
Large screen monitors are getting very pricey: This guy is using a suitable TV instead
This was an interesting watch and brings home the fact that you should just consider what you are needing your screen for. TVs are certainly also getting better, but there is more to it than just HDMI ports, contrast ratios, and response times.
We've long been using our standard (and now pretty old) TV with HDMI ports as our media screen in the lounge, connected to a Linux computer. It works perfectly for that purpose. But we're not playing high-end games on it.
But even for many gamers, MAYBE a TV could work fine. Given the price differences, it may be worth it. As it is, many say that the ultra-high refresh rates (or FPS) we are seeing on the latest monitors are just not good bang for the buck at all. It is unlikely the human eye is even perceiving much difference beyond 144Hz (I did a post about that in June 2023).
It is certainly something worth considering at least.
See https://youtu.be/rdg8tKNZt1s
#technology #monitors
35+ Advance Examples of the Find Command in Linux
Don't try memorising all of these, but rather quickly skim the headings in the linked article to give you an idea of what CAN be done with the Find command. You'll realise, too, that using the command line sometimes, offers way greater power, as well as speed.
Find does not only find a file name matching a pattern, but can also be useful to find all files modified in the last 60 minutes, that have executable permissions, that belong to the root user, that are empty files, that were accessed in the last hour, that are larger than a specified size, and lots more.
The find command is an advanced tool for searching files or directories rigorously in your file system, taking a little longer time than its alternative tools like the locate command. It’s due to its nature of searching a specified file by walking through each file for a match in your system, instead of creating a database where all the file paths are indexed.
See https://linuxtldr.com/find-command/
#technology #Linux #Find #opensource
Thorium Browser claims to be the fastest browser on Earth
https://void.cat/d/SuxvXys32KcRYWTu1uDnea.webp
They claim an 8-38% improvement over vanilla Chrome. It is not a completely de-Googled browser, but their focus has been on improving performance as well as a number of patches to restrict what is passed back to Google and generally improve security and privacy.
I know Firefox (and Tor and derivatives) do achieve the latter, but they mostly do not achieve the fastest performance, and sometimes websites don't work well for them (not Firefox's fault, but the website devs who are not designing to be compatible with open web standards).
They have also created a number of their own Chrome extensions, which seem quite unique.
#technology #browsers #opensource
Big Ass Data Broker Opt-Out List that can Guide Opting out from Data Broker Databases
https://void.cat/d/Cm6BQXs13bqrQxLqwPmLDo.webp
This list, also known as BADBOOL, was started on September 29, 2017 and was most recently updated in October 2023 to add PimEyes and to remove TruePeopleSearch and Cyber Background Checks, since those sites will automatically remove your data if you successfully opt out of Intelius and BeenVerified.
Some of these opt-outs take a long time to go through. Sometimes, information is pulled from other sources, and you’ll need to opt out multiple times for the same site. Data brokers come and go (and are bought out by others), and they also often change their opt-out pages.
In many US states, real estate data and voter registration information is public (or easy to obtain). And, of course, location data can be found by physical means (e.g. following you home) and through other people who know it (i.e., social engineering). That said, removing your home address from data broker sites can significantly lower your attack surface and make it harder for people to find it.
This is mostly US focussed, but does give some idea of all the data brokers tracking users' data and behaviour, and that it is not easy to just opt out. The list is being managed as an open source project that it has community participation as well. So, it may also be possible to suggest adding resources for other countries too.
Unfortunately, if you're on the Internet, you do leave many traces. Very few normal users actually boot clean from a Tails Linux on a USB stick in read-only mode, and use Tor Browser without any saved logins etc. Most users also carry a mobile phone with apps installed (no more needs to be said about that).
Your best defence is though to do some basics like using a privacy based browser with fingerprint protection, script bocking, unique secure passwords per site, sandboxing (or not using) Facebook and Instagram type sites, etc.
Just yesterday, I received a phishing mail that had spoofed my own private domain e-mail address (to imply they had hacked my e-mail). I realised that, although I had activated DMARC and SPF on my e-mail service, I had made one copy-and-paste mistake in the DNS records, and no error was shown. I'd not properly checked that the DMARC indicator was showing as verified green on my service. Doing it, and actually checking it, are two separate actions one needs to do. It's the little things that trip you up.
So why are data brokers a threat to you? Well because they also collect a lot of related information which is often used to verify your identity to a call centre to have your password reset (one example).
See https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List
#technology #optout #databrokers #privacy
6 Best Grammarly Alternatives to Check Grammar and Readability, although LanguageTool is not listed
https://void.cat/d/4k3rMjDKy28JV1dCWq1Wau.webp
Grammarly is by and far the most popular grammar checker you can use. Not only does it look for grammatical errors, but it checks your spelling and aims to improve readability too. It can cut down on wordiness, passive voice, and repetitious use of words. It can also make suggestions to better align your writing with your audience and overall intent. Grammarly has also added AI features that can help generate text, rewrite passages, and more.
I use a grammar checker which probably corrects every single sentence I type. One should just bear in mind though that a grammar (or spell) checker needs access to every page you visit/type in order to make any suggestions or corrections.
But what I found most intriguing in this linked article, is that LanguageTool was not listed. It supports around 30 languages and installs in just about everything you can think of. Its free tier has a limit of 20,000 characters per text field, and sentence rephrasing by AI is limited to 3 per day, but it is otherwise an excellent free tool to use. It is German based, so under GDPR and funded by the EU, but their privacy policy on their site actually refers to the use of the website. Their core product though is open-source, so you can host it yourself in a Docker container.
See https://www.howtogeek.com/best-grammarly-alternatives/
#technology #grammar #languagecheck
I think it is changing tho. Once some has tried VarAC I think they realise it works a whole lot better. I just did a 34 min QSO from. Africa to USA. Don't think I even got JS8Call to do that as it took too long on overs. Maybe the reason is US is quiter on VarAC so I could actually get through...
VarAC digital chatting on Amateur Radio seems to be getting more popular than JS8Call
https://void.cat/d/V1VNTPFaAgxLWajjrAgS4S.webp
This is at least apparent for what I'm observing in my country on the Southern tip of Africa. The reason seems to be that VarAC provides most of the functions that JS8Call already provides, and then provides a lot of usability improvements as well as transmitting images, documents, faster speed, VMails, etc.
I've been getting up to speed with it the last two days, and am really enjoying using it. I've documenting what it is about, how it compares with JS8Call, and some tips I've been learning, at the web page I've linked to in this post.
See https://gadgeteer.co.za/hamradio/varac-p2p-digital-mode-chatting-application/
#technology #hamradio #amateurradio #VarAC
I'm also noticing a good 4% battery usage. I see I can switch between OS watched folder changes, or manual checks with longer periods. Busy testing a bit.
I've had the same problem on Android. But clearing the cache and killing the app, brings up a welcome screen, but relays don't reconnect. Still shows zero relays connected. Under relays screen I see 7 recommended relays but the + icons do nothing to add them. If I go to Add Relay and type an address in, the Add button does nothing, except the X changes to a tick mark. My version is v0.7.6+56.
Validrive Detects Fake USB Drives with Inflated Capacity: Many found on Amazon already
https://void.cat/d/JTTPVx26iWtWaMw2Gt6fs4.webp
At first, this might seem like a minor annoyance: You purchase a 1 or 2 terabyte drive at a bargain price, and you receive a 64 GB drive instead. But that's NOT what happens here!
The drive appears to be the 1 or 2 terabyte drive you purchased. You plug it into your computer and everything looks fine. You can even copy files to the drive; as many as you want. And when you look at the drive's contents, the files are there. But what's insidious is that the files' contents may have never been stored.
These fraudulent drives contain just enough storage – typically 64GB – to convincingly hold the file system's directory listing. But once its first 64GB of storage space has been filled, the contents of any additional files will not actually be stored. Their names, dates and sizes will be stored in the directory at the front of the drive. Everything will appear to be fine. But the files' contents will be blank because they were “stored” where no storage exists.
Operating systems do not verify that the data they write was actually written. They rely upon the honesty of storage devices to report errors. If a write error occurs, then the operating system will rewrite the data elsewhere. But these deliberately fraudulent drives never report any problems – they just silently discard any data written where there's no storage.
It is a freeware, and very small footprint (written in Assembler), portable utility, so no installation required, but unfortunately does only run on Windows OS.
I was listening to feedback by Steve on his Security Now podcast (episode 943), and the scary part is he has already tested 12 USB sticks he bought off Amazon, and EVERY one of them was found to be fraudulent. Many show 4-star reviews full of praise for the devices, but you'll see some reviews mention the drives "stopped" working after a few months. It is easy to fake what capacity is reported to Windows, and that is why a proper test needed to involve writing and reading back every region of the drive. ValiDrive performs a quick, random-sequence spot-check across the drive's entire declared storage space. At every location, it verifies the successful storage and retrieval of random (unspoofable) test data.
He goes on to also explain why some drives can be very slow during the test, due to needing to step up the voltage from 5V to 20V for the write operations. This is apparently why SSD's can be so much faster than a USB drive.
So if you buy any USB drive online (or even from a retailer) you may want to run this test first and check you got what you paid for.
See https://www.grc.com/validrive.htm
#technology #USB #fakeUSB #Amazon
Starlink launching cellphone “towers” in space: LTE connectivity and requiring no special apps or changes to hardware or firmware
https://void.cat/d/7h3zyKPmd1eomcccnaqj1f.webp
To enable connectivity with regular phones, Starlink will fit some of its satellites with advanced eNodeB modems that act like a cellphone tower in space.
Starlink said this would allow for network integration similar to a standard roaming partner.
For South Africa, with its strict Black Economic Empowerment requirements, it has so far meant no Starlink access unless there is a local BEE ownership. But this new service may "fly" as it would be an upstream service rendered through the local cellular providers (not directly to end consumers), much like any roaming cellular partner.
Because this would work with any cellphone, it will be even more important for under serviced areas, and those travelling in more remote rural areas.
The plan is to launch texting services in 2024, followed by voice and data connectivity in 2025.
Very interesting, too, to see IoT support planned from 2025.
See https://mybroadband.co.za/news/cellular/511228-starlink-launching-cellphone-towers-in-space.html
#technology #Starlink #SouthAfrica
Firefox tests a built-in checker for fake reviews from Fakespot
https://void.cat/d/6gPwsBrKHmksPC8xMMrued.webp
Firefox’s Review Checker is now preparing to give users the tools to weed out unreliable reviews. Screenshots posted by MSPowerUser show how the tool is accessible via a price tag icon in the browser’s URL bar, which brings up a sidebar with details on the current open product page. The tool assigns the product’s reviews a grade based on how reliable it believes them to be, offers an “adjusted rating” out of five stars with “unreliable reviews removed,” and pulls out some highlights of the existing reviews.
Fakespot already offers its review checking services via its website, extensions for browsers like Chrome and Safari, and iOS and Android apps.
It is being tested in the USA currently, but unfortunately, Fakespot only works with some of the major US shopping sites. Currently, those sites are: Amazon, BestBuy, Flipkart, Home Depot, Sephora, Steam, TripAdvisor, Yelp, and Walmart. It would be really useful if this could also work on AliExpress and many other international eCommerce sites.
It's worth noting that such extensions require access to the content of visited pages to work, so where you have this installed as an extension, you can use an extension like Extensity to quickly deactivate/activate it when needed.
See https://www.theverge.com/2023/10/11/23912457/firefox-review-checker-fakespot-feature-test-experiment
#technology #fakereviews