John Bump
Mad scientist

A complicated but ultimately rewarding article on the complexity of financial transactions of the Middle Ages, because of variations in precious metal availability, quality of coinage, and poorly aligned incentives for stable coinage. The thing that particularly struck me was that coins were so rare there simply were no coins small enough for petty costs, so the cheapest coin was the cost of a loaf of bread and when the price of wheat changed, the loaf size changed. But wages were similarly limited, and work hours weren't flexible, leading to large wage fluctuations.

Primarily for +Ben Hibben, but, more generally, for anyone who has ever wanted a power hammer for blacksmithing: one made from some I-beams and an old engine block for under $100.

You ever wonder how far you can ride a new wheel if you forgot to put a rimstrip in before you inflated the tube?
Six blocks, is how far.
head desk

Department of if-you-do-a-job-well-it-becomes-your-job, a second heatsink with a broken tap. This time they want me to keep the anodizing on the topside, so I will be playing with spray lacquer.

Follow-up on the tap broken off in heatsink project for work: left it in warm Sparex overnight and the tap and adjacent anodizing are both gone. There was some steel still in the hole but it pushed out.

A bunch of good information on comparing VPN services, what they're good at, and what you should look for.
So. The Republican Congress and the Republican President have enabled ISPs to use your entire internet history for commercial purposes without your consent. Some ISPs are saying that they won't do so but that is completely voluntary on their part and they may change their minds at any time. I'm not entirely sure that they would need to inform us if/when they do change their minds.

For details on where we stand:

What to do? Well, one option jumps to mind: VPNs. Virtual Private Networks are basically a private tunnel to the internet. Your ISP only sees the VPN instead of your actual internet activity. Ideally.

Great! Right? Well . . . yes and no. When you use a VPN service you are trusting that service in the same way that you were trusting your ISP. Do you have good reasons for trusting a particular VPN service more than you trust your ISP? This is challenging as there are no independent audits of VPN services.

A well-maintained, trustworthy VPN service is indeed a very good solution for our privacy concerns. The problem is, as always, people. That's where the Ars Technica article below comes in. Consider a small sampling:

Preshared keys

White offered a quick list of VPNs that have preshared keys posted online: GoldenFrog, GFwVPN, VPNReactor, UnblockVPN, IBVPN, Astril, PureVPN, PrivateInternetAccess, TorGuard, IPVanish, NordicVPN, and EarthVPN.

“If I know the preshared key for your VPN and I am somebody who has control of the Wi-Fi access point, and you’re using a preshared key with a VPN I know, then I can basically man-in-the-middle attack and decrypt everything you’re doing,” said White. “The security you get against that kind of attacker when the preshared key is known is not very strong.”

PPTP instead of IPSec, L2TP/IPSec, IKEv2, or OpenVPN

Some VPNs use the outdated PPTP VPN protocol, which is fundamentally insecure. Better options include IPSec (LibreSwan and StrongSwan, which are actively maintained), L2TP/IPSec, IKEv2, or OpenVPN.

Among these alternatives, IPsec can be set up without installing extra software, but some believe it was either compromised or intentionally weakened by the NSA. OpenVPN is more secure but can be more difficult to set up and requires third-party software. It also needs to be configured correctly.

Recent research by High-Tech Bridge found that 90 percent of SSL VPNs tested use insecure or outdated encryption. In total, 77 percent used the insecure SSLv3 (or even SSLv2) protocols, 76 percent used an untrusted SSL certificate (making it easier for remote attackers to perform man-in-the-middle attacks and intercept all data passing over the VPN connection), and a large chunk used insecure key lengths for RSA signatures or insecure SHA-1 signatures. Believe it or not, 10 percent were still vulnerable to Heartbleed.
. . .
What to look for

Given all the precautions and VPN footnotes above, is it feasible to find workable VPNs or at least reliable information about them? “Assertions from VPN service providers are absolutely caveat emptor, in the absence of public third-party audits,” White pointed out. “You’re getting Pinky-Promise-as-a-Service.”

That said, there are many positive signs to look for when evaluating a VPN beyond the basics: is the VPN using up-to-date protocols, what’s the reputation of the company and the people behind it (and their history or expertise), are terms of service easy to understand, what does the VPN protect against and what doesn’t it cover, and is the service honest about its disclosures?

Aside from these factors, Campbell recommends looking at any company activism, which he says is likely to demonstrate how much an organization cares about customer privacy. He also looks for a clear and unambiguous privacy policy rather than a boilerplate policy and for companies that have been in business for at least three years.

“There has been an explosion of cheap VPN providers over the last few years since the Snowden revelations,” Campbell warned. “Many of these new providers use laughable security practices. In many cases, they are Web hosting businesses that have decided to repurpose some of their servers, effectively becoming bandwidth resellers, but with no security experience.”

As a final precaution, Campbell also looks for VPNs that do not use third-party systems to capture sensitive customer data. “Any VPN service that respects their customers’ privacy will self-host all systems that interact with customers, such as third-party live chat scripts, support ticketing systems, blog comments, etc. Customers often submit very sensitive information in support requests without knowing that the VPN provider doesn't have exclusive control over the system,” he said.

So . . . is this 'out of the frying pan and into the fire?' I'm not sure. All I know is that I am not happy with my options up to this point.

Enter another option:


Depending on your privacy needs, a pre-made solution may not currently exist. If that’s the case, technical users can roll their own VPNs. If a pre-made solution is more your speed, one option is running Streisand over a DigitalOcean VPS, Amazon Web Services, Vultur, OVH, or another reputable hosting provider. Created in the aftermath of Turkey blocking Twitter, Streisand's goal is to help users circumvent Internet restrictions.

“Streisand sets up a new server running L2TP/IPsec, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, and a Tor bridge. It also generates custom configuration instructions for all of these services,” the GitHub page reads.

Creator Joshua Lund told Ars that one of Streisand’s goals is to make the setup process as painless as possible. He envisions the open-source service growing into a “centralized knowledge repository” where the best practices can be updated and automated by a watchful community.

“Streisand automates several difficult steps that can dramatically increase security,” Lund told Ars in an e-mail. “For example, Streisand's OpenVPN configuration enables TLS authentication (AKA an ‘HMAC firewall’), generates a custom set of Diffie-Hellman parameters, and enables a much stronger cipher and checksum algorithm (AES-256/SHA-256 instead of OpenVPN's antiquated default of Blowfish/SHA1). Many users will skip these optional and time-consuming enhancement steps if they are configuring OpenVPN by hand. In fact, most commercial VPN providers don't enable these features in their OpenVPN setup.”

Other benefits of Streisand include automatic security updates and an automated setup process that allows users to get a brand new server running in around 10 minutes. And when compared to commercial VPN providers, Streisand-deployed servers are far less likely to become targets of censorship efforts, DDoS attacks, or blocked access to streaming services.

If the problem is not VPN but the people you have to trust for your VPN, then maybe you need to provide your own VPN. This is something I am considering. Streisand is based on Ansible, which is a well-known project. This option has a lot of upside. The downside is wading into the weeds and perhaps a $10/month fee for your AWS services.

I am considering this.


A Streisand how-to blog based on using AWS

h/t +Danial Hallock (might be interested in this)
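The OpenVPN hardening Lund describes in the shared post (TLS auth as an HMAC firewall, custom Diffie-Hellman parameters, AES-256/SHA-256 in place of the Blowfish/SHA1 defaults) can be checked mechanically against a config file before you trust it. The auditor below is an added example, not code from the article or from Streisand; its two sample configs are constructed, and the fallback values it assumes for a missing `cipher` or `auth` line (BF-CBC, SHA1) are the defaults the article names.

```python
# Fallbacks OpenVPN applies when the directive is absent (the defaults the article names).
FALLBACK = {"cipher": "BF-CBC", "auth": "SHA1"}
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE-CBC", "RC2-CBC", "NONE"}
WEAK_DIGESTS = {"SHA1", "MD5", "NONE"}

# Constructed sample: a hand-typed config that leans on the defaults.
DEFAULT_CONF = """\
dev tun
ca ca.crt
cert server.crt
key server.key
"""

# Constructed sample: the same config with the enhancements Lund lists.
HARDENED_CONF = """\
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem        # custom Diffie-Hellman parameters
tls-auth ta.key 0    # HMAC firewall on the TLS control channel
cipher AES-256-CBC   # instead of the Blowfish default
auth SHA256          # instead of the SHA1 default
"""

def parse_config(text):
    """Map each directive to its argument list; '#' and ';' start comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            name, *args = line.split()
            directives.setdefault(name, args)  # first occurrence wins
    return directives

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    cfg = parse_config(text)
    findings = []
    cipher = (cfg.get("cipher") or [FALLBACK["cipher"]])[0].upper()
    if cipher in WEAK_CIPHERS:
        findings.append(f"data cipher {cipher} is weak (no 'cipher' line falls back to BF-CBC)")
    digest = (cfg.get("auth") or [FALLBACK["auth"]])[0].upper()
    if digest in WEAK_DIGESTS:
        findings.append(f"HMAC digest {digest} is weak (no 'auth' line falls back to SHA1)")
    if "tls-auth" not in cfg and "tls-crypt" not in cfg:
        findings.append("no tls-auth/tls-crypt: control channel has no HMAC firewall")
    if "dh" not in cfg:
        findings.append("no dh directive: no custom Diffie-Hellman parameters")
    return findings
```

Running `audit(DEFAULT_CONF)` reports all four gaps, while `audit(HARDENED_CONF)` returns an empty list.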

Tonight's poor work-life balance project is removing a broken tap from a 25x25cm heatsink because my coworker refuses to drill mount holes from the top, so ends up with curved holes that snap taps. Removal consists of immersing in a crock pot containing 5% sodium hydrogen sulfate, aka Sparex, overnight, as it eats steel but won't touch aluminum.

What are other people doing for first layers? When I was printing small pieces they stuck like bad habits and looked great, but I just did a fairly large (handsized) one and noticed that the first layer has like 60% coverage, with big wide spaces between the material being printed. I relevelled the bed with a piece of typing paper just barely able to pull beneath the nozzle, and that did nothing, so I'm wondering what Cura settings I should change. Decrease first layer thickness? Increase first layer extrusion width? Thoughts? Pic: a small fan shroud for putting a 25mm fan on the side of the mini to cool the electronics, which printed beautifully, and the first layer of a carburetor plate for an intake manifold I'm designing that printed just terribly.

In case this is useful to anyone: I got Repetier-Host talking to the Mini on Linux by messing about with dmesg and minicom. It wants to talk to /dev/ttyACM0 at 230400, probably with the pingpong acknowledge box checked. This allowed me to update the PID values for the heater nozzle, which improved nozzle heater temp variation considerably.
Also, did anyone else see the Midwest RepRap Festival article about someone more than doubling the Mini's build volume, by converting the Y axis to polar and putting a big circular build plate on it?