From 3d7f8eca0bfce968b4ca89a30271bcb0b4b34539 Mon Sep 17 00:00:00 2001
From: Ken Fallon
Date: Wed, 22 Nov 2023 08:14:12 +0100
Subject: [PATCH] 2023-11-22_07-14-12Z_Wednesday database changed

---
 sql/hpr-db-part-14.sql | 8 ++++----
 sql/hpr-db-part-15.sql | 2 +-
 sql/hpr.sql | 10 +++++-----
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/sql/hpr-db-part-14.sql b/sql/hpr-db-part-14.sql
index 803210e..c91b6b6 100644
--- a/sql/hpr-db-part-14.sql
+++ b/sql/hpr-db-part-14.sql
@@ -298,7 +298,7 @@ INSERT INTO `eps` (`id`, `date`, `title`, `duration`, `summary`, `notes`, `hosti (3712,'2022-10-25','The last ever CCHits.net Show',5756,'The team talk about the nearly 12 years of producing CCHits.net.','

Over 12 years ago, Jon \"The Nice Guy\"\nSpriggs went to a \"Pod Crawl\" with (among others) Dave \"The Love Bug\" Lee, where he\npitched the idea of a daily music promotion show, with a twist - it\nwould all be automated, and use text-to-speech to introduce\neverything.

\n

The first show was released\non 2010-10-24 and the last ever show (this one) was released on\n2022-10-12.

\n

Over the twelve years, Jon would go on to meet to meet Yannick and Ken Fallon, both\nof whom would go on to shape changes (big and small) to CCHits.

\n

This year, the cracks started to re-appear in the architecture\nunderneath CCHits - between APIs shutting down that were used to load\ntracks to CCHits, and the general framework being used to write CCHits\nnot receiving the care and attention it needed... and the team finally\ndecided to stop adding new tracks, and let the process build the last\nfew shows.

\n

This podcast gives you a peek behind the curtain to the team involved\nin the system, and gives you some of the high- and low-lights in the 12\nyears the site ran for.

\n',413,0,0,'CC-BY','music,creative commons,podcast',0,0,1), (3724,'2022-11-10','My top Android apps',579,'I walk through the top apps on my phone','

My most used apps

\n

AIO Launcher

\n\n

\"Main

\n

\n

\n

Termux: Terminal\nemulator with packages

\n\n

QKSMS Messaging

\n\n

Firefox browser

\n\n

Opera browser

\n\n

Brave browser

\n\n

Clear Scanner PDF scanner and\nOCR

\n\n

Antennapod

\n\n

Tusky

\n\n

K-9 mail client

\n\n

Viber

\n\n

Audio recorder

\n\n

X-plore dual-pane file\nmanager

\n\n

Librera E-book Reader: for\nPDF, EPUB

\n\n

Multi Timer

\n\n

US Amateur Radio Band Plan

\n\n',318,0,0,'CC-BY-SA','Android, Android apps, Mobile phone, Custom launcher',0,0,1), (3725,'2022-11-11','How to use OSMAnd with Public Transport ',124,'Ken shows you how to use this mapping tool to display transit routes in your area.','

\r\n\"\"
\r\nMap of Dublin showing the Temple Bar tourist area. A red arrow points to where you can change the profile.\r\n

\r\n

\r\n\"\"
\r\nWith the Configure Map > Profile selection menu open, a red square surrounds the Bus icon to indicate the \"public transport\" profile is now selected.\r\n

\r\n

\r\n\"\"
\r\nThe map now opens to show more information about public transport is now displayed on the map. This is highlighted with a red square.
\r\nClicking the bustop (highlighted with a red circle ) will show more information about the routes available at this location.\r\n

\r\n

\r\n\"\"
\r\nOnce the transport stop is selected, a list of all the routes that service this location are displayed. Along with other routes that are available within a short distance.\r\n

\r\n

\r\n\"\"
\r\nClicking any of the routes numbers/names will give a zoomed out map showing in red the route many of the stops towards it\'s source and destination.\r\n

\r\n',30,0,0,'CC-BY-SA','OSMAnd, OSM, Maps, Public Transport',0,0,1), -(4001,'2023-12-04','HPR Community News for November 2023',0,'HPR Volunteers talk about shows released and comments posted in November 2023','\n\n

New hosts

\n

\nThere were no new hosts this month.\n

\n\n

Last Month\'s Shows

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
IdDayDateTitleHost
3978Wed2023-11-01Driving in Virginia.Some Guy On The Internet
3979Thu2023-11-02FireStick and ad blockingoperat0r
3980Fri2023-11-03Huntsville to VicksburgAhuka
3981Mon2023-11-06HPR Community News for October 2023HPR Volunteers
3982Tue2023-11-07Conversation with ChatGPTArcher72
3983Wed2023-11-08ChatGPT Output is not compatible with CC-BY-SAKen Fallon
3984Thu2023-11-09Whoppers. How Archer72 and I made moonshine. Volume one.Some Guy On The Internet
3985Fri2023-11-10Bash snippet - be careful when feeding data to loopsDave Morriss
3986Mon2023-11-13Optical media is not deadArcher72
3987Tue2023-11-14The Grim DawnSome Guy On The Internet
3988Wed2023-11-15Beeper.comoperat0r
3989Thu2023-11-16LastPass Security Update 1 November 2023Ahuka
3990Fri2023-11-17Playing Alpha Centauri, Part 2Ahuka
3991Mon2023-11-20YOU ARE A PIRATE operat0r
3992Tue2023-11-21Test recording on a wireless micArcher72
3993Wed2023-11-22z80 membership cardBrian in Ohio
3994Thu2023-11-23Lastpass Responseoperat0r
\n\n

Comments this month

\n\n

These are comments which have been made during the past month, either to shows released during the month or to past shows.\nThere are 4 comments in total.

\n\n

This month\'s shows

\n

There are 4 comments on 4 of this month\'s shows:

\n\n\n

Mailing List discussions

\n

\nPolicy decisions surrounding HPR are taken by the community as a whole. This\ndiscussion takes place on the Mail List which is open to all HPR listeners and\ncontributors. The discussions are open and available on the HPR server under\nMailman.\n

\n

The threaded discussions this month can be found here:

\nhttps://lists.hackerpublicradio.com/pipermail/hpr/2023-November/thread.html\n\n\n

Events Calendar

\n

With the kind permission of LWN.net we are linking to\nThe LWN.net Community Calendar.

\n

Quoting the site:

\n
This is the LWN.net community event calendar, where we track\nevents of interest to people using and developing Linux and free software.\nClicking on individual events will take you to the appropriate web\npage.
\n\n

Any other business

\n

Example section

\n\n\n\n',159,47,1,'CC-BY-SA','Community News',0,0,1), +(4001,'2023-12-04','HPR Community News for November 2023',0,'HPR Volunteers talk about shows released and comments posted in November 2023','\n\n

New hosts

\n

\nThere were no new hosts this month.\n

\n\n

Last Month\'s Shows

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
IdDayDateTitleHost
3978Wed2023-11-01Driving in Virginia.Some Guy On The Internet
3979Thu2023-11-02FireStick and ad blockingoperat0r
3980Fri2023-11-03Huntsville to VicksburgAhuka
3981Mon2023-11-06HPR Community News for October 2023HPR Volunteers
3982Tue2023-11-07Conversation with ChatGPTArcher72
3983Wed2023-11-08ChatGPT Output is not compatible with CC-BY-SAKen Fallon
3984Thu2023-11-09Whoppers. How Archer72 and I made moonshine. Volume one.Some Guy On The Internet
3985Fri2023-11-10Bash snippet - be careful when feeding data to loopsDave Morriss
3986Mon2023-11-13Optical media is not deadArcher72
3987Tue2023-11-14The Grim DawnSome Guy On The Internet
3988Wed2023-11-15Beeper.comoperat0r
3989Thu2023-11-16LastPass Security Update 1 November 2023Ahuka
3990Fri2023-11-17Playing Alpha Centauri, Part 2Ahuka
3991Mon2023-11-20YOU ARE A PIRATE operat0r
3992Tue2023-11-21Test recording on a wireless micArcher72
3993Wed2023-11-22z80 membership cardBrian in Ohio
3994Thu2023-11-23Lastpass Responseoperat0r
3995Fri2023-11-24Creating Your Own Internet Radio Streaming DeviceClaudio Miranda
3996Mon2023-11-27Holiday Challenges Series - Ep 1 - Advent of CodeTrey
3997Tue2023-11-28The Oh No! News.Some Guy On The Internet
3999Thu2023-11-30Holiday Challenges Series Ep 02 TryHackMe Advent of Cyber ChallengeTrey
\n\n

Comments this month

\n\n

These are comments which have been made during the past month, either to shows released during the month or to past shows.\nThere are 4 comments in total.

\n\n

This month\'s shows

\n

There are 4 comments on 4 of this month\'s shows:

\n\n\n

Mailing List discussions

\n

\nPolicy decisions surrounding HPR are taken by the community as a whole. This\ndiscussion takes place on the Mail List which is open to all HPR listeners and\ncontributors. The discussions are open and available on the HPR server under\nMailman.\n

\n

The threaded discussions this month can be found here:

\nhttps://lists.hackerpublicradio.com/pipermail/hpr/2023-November/thread.html\n\n\n

Events Calendar

\n

With the kind permission of LWN.net we are linking to\nThe LWN.net Community Calendar.

\n

Quoting the site:

\n
This is the LWN.net community event calendar, where we track\nevents of interest to people using and developing Linux and free software.\nClicking on individual events will take you to the appropriate web\npage.
\n\n

Any other business

\n

Example section

\n\n\n\n',159,47,1,'CC-BY-SA','Community News',0,0,1), (3714,'2022-10-27','The News with Some Guy On the Internet',609,'Threat Analysis','

Threat Analysis; your\nattack surface.

\n

The Hacker News

\nNew\nChinese Malware Attack Framework Targets Windows, macOS, and Linux\nSystems.\n

A previously undocumented command-and-control (C2) framework dubbed\nAlchimist is likely being used in the wild to target Windows, macOS, and\nLinux systems.

\n

\"Alchimist C2 has a web interface written in Simplified Chinese and\ncan generate a configured payload, establish remote sessions, deploy\npayloads to the remote machines, capture screenshots, perform remote\nshellcode execution, and run arbitrary commands,\" Cisco Talos said in a\nreport shared with The Hacker News. Written in GoLang, Alchimist is\ncomplemented by a beacon implant called Insekt, which comes with remote\naccess features that can be instrumented by the C2 server.”

\n

\"Since Alchimist is a single-file based ready-to-go C2 framework, it\nis difficult to attribute its use to a single actor such as the authors,\nAPTs, or crimeware syndicates.\"

\n

The trojan, for its part, is equipped with features typically present\nin backdoors of this kind, enabling the malware to get system\ninformation, capture screenshots, run arbitrary commands, and download\nremote files, among others.

\n

Alchimist C2 panel further features the ability to generate first\nstage payloads, including PowerShell and wget code snippets for Windows\nand Linux, potentially allowing an attacker to flesh out their infection\nchains to distribute the Insekt RAT binary. The instructions could then\nbe potentially embedded in a maldoc attached to a phishing email that,\nwhen opened, downloads and launches the backdoor on the compromised\nmachine. What\'s more, the Linux version of Insekt is capable of listing\nthe contents of the \".ssh\" directory and even adding new SSH keys to the\n\"~/.ssh/authorized_keys\" file to facilitate remote access over SSH.

\n

The Hacker News

\nHackers\nUsing Vishing to Trick Victims into Installing Android Banking\nMalware.\n

Malicious actors are resorting to voice phishing (vishing) tactics to\ndupe victims into installing Android malware on their devices.

\n

The Dutch mobile security company said it identified a network of\nphishing websites targeting Italian online-banking users that are\ndesigned to get hold of their contact details.

\n

Telephone-oriented attack delivery (TOAD), as the social engineering\ntechnique is called, involves calling the victims using previously\ncollected information from the fraudulent websites.

\n

The caller, who purports to be a support agent for the bank,\ninstructs the individual on the other end of the call to install a\nsecurity app and grant it extensive permissions, when, in reality, it\'s\nmalicious software intended to gain remote access or conduct financial\nfraud.

\n

What\'s more, the infrastructure utilized by the threat actor has been\nfound to deliver a second malware named SMS Spy that enables the\nadversary to gain access to all incoming SMS messages and intercept\none-time passwords (OTPs) sent by banks.

\n

The new wave of hybrid fraud attacks presents a new dimension for\nscammers to mount convincing Android malware campaigns that have\notherwise relied on traditional methods such as Google Play Store\ndroppers, rogue ads, and smishing.

\n

The Hacker News

\n64,000\nAdditional Patients Impacted by Omnicell Data Breach - What is Your Data\nBreach Action Plan?\n

Founded in 1992, Omnicell is a leading provider of medication\nmanagement solutions for hospitals, long-term care facilities, and\nretail pharmacies. On May 4, 2022, Omnicell\'s IT systems and third-party\ncloud services were affected by ransomware attacks which may lead to\ndata security concerns for employees and patients. While it is still\nearly in the investigation, this appears to be a severe breach with\npotentially significant consequences for the company.

\n

Omnicell began informing individuals whose information may have been\ncompromised on August 3, 2022. Hackers may be able to access and sell\npatient-sensitive information, such as social security numbers, due to\nthe time delay between the breach and the company\'s report of affected\npatients.

\n

The type of information that may be exposed are:

\n
    \n
  • Credit card information.
  • \n
  • Financial information.
  • \n
  • Social security numbers.
  • \n
  • Driver\'s license numbers.
  • \n
  • Health insurance details.
  • \n
\n

The healthcare industry is one of the most targeted sectors globally,\nwith attacks doubling year over year. And these costs are measured in\nmillions or even billions of dollars - not to mention increased risks\nfor patients\' privacy (and reputation).

\n

The Washington Post

\n

How to\nprotect schools getting whacked by ransomware.

\n

Ransomware gangs are taking Americans to school. So far this year,\nhackers have taken hostage at least 1,735 schools in 27 districts; the\nmassive Los Angeles Unified School District is their latest target.

\n

Ransomware hackers breach computers, lock them up, steal sensitive\ndata and demand money to release their hold on organizations’ critical\nsystems. These criminals often attack schools because they are\nprofitable targets. If all ransomware victims refused to pay, the\nattacks would stop. Indeed, paying up might be illegal: The Treasury\nDepartment released guidance last year noting that giving money to\nglobal criminal organizations can violate sanctions law.

\n

The trouble is, saying no isn’t always easy. Los Angeles didn’t\ncapitulate, and the criminals leaked a trove of data — a consequence\nthat can prove more or less serious depending on the sensitivity of the\nstolen information.

\n

“Because we can,” said a representative of the ransomware gang that\ntook down Los Angeles Unified School District, explaining the\ncollective’s motivations to a Bloomberg News reporter. Schools’ task is\nto turn “can” to “can’t” — or, at least, to make success pay a whole lot\nless.

\n

CNET News.

\nVerizon\nAlerts Prepaid Customers to Recent Security Breach.\n

Verizon notified prepaid customers this week of a recent cyberattack\nthat granted third-party actors access to their accounts, as reported\nearlier Tuesday by BleepingComputer. The attack occurred between Oct. 6\nand Oct. 10 and affected 250 Verizon prepaid customers.

\n

The breach exposed the last four digits of customers\' credit cards\nused to make payments on their prepaid accounts. While no full credit\ncard information was accessible, the information was enough to grant the\nattackers access to Verizon user accounts, which hold semi-sensitive\ndata such \"name, telephone number, billing address, price plans, and\nother service-related information,\" per a notice from Verizon.

\n

Account access also potentially enabled attackers to process\nunauthorized SIM card changes on prepaid lines. Also known as SIM\nswapping, unauthorized SIM card changes can allow for the transfer of an\nunsuspecting person\'s phone number to another phone.

\n

From there, the counterfeit phone can be used to receive SMS messages\nfor password resets and user identification verifications on other\naccounts, giving attackers potential access to any account they have, or\ncan guess, the username for. Consequently, Verizon recommended affected\ncustomers secure their non-Verizon accounts such as social media,\nfinancial, email and other accounts that allow for password resets by\nphone.

\n',391,0,0,'CC-BY-SA','Threat Analysis, Security Breach, Ransomware, Data Breach, TOAD',0,0,1), (3717,'2022-11-01','Video editing with Shotcut on a low end PC',695,'In this episode I explain how I use the shotcut video editor to edit video on a low end PC.','

Links

\n

Shotcut video editor website

\n

Useful\nShortcut keys for the Shotcut video editor

\n
C = copy\nV = paste\nA = duplicate\nX = ripple delete\nCtrl + X = ripple delete but send to clipboard\nS = split
\n

Tip not covered in my\nPodcast

\n

Splits are not fixed and can be adjusted. Once you\'ve split up clips\nand put them in the right order on the timeline you can still adjust the\ncut point even though you previously split the clip because the clip is\nreferenced to the original file in the playlist.

\n

Introduction

\n

Hello and welcome Hacker Public Radio audience my name is Mr X\nwelcome to this podcast. As per usual I\'d like to start by thanking the\npeople at HPR for making this podcast possible. HPR is a Community led\npodcast provided by the community for the community that means you can\ncontribute to. The HPR team have gone to great deal of effort to\nsimplify and streamline the process of providing podcasts. There are\nmany ways to record an episode these days using phones tablets PCs and\nalike. The hardest barrier is sending in your first show. Don\'t get too\nhung up about quality, it\'s more important just to send something in.\nThe sound quality of some of my early shows wasn\'t very good. If I can\ndo it anyone can and you might just get hooked in the process.

\n

Well it\'s been almost a year since I\'ve sent in a show. Looking at\nthe HPR site my last episode was back in November 2021. I suspect like\nmany others life has become more complicated and I find I have much less\nspare time and because I have much less spare time I have much less time\nto pursue my hobbies and because of this I have less to speak about and\nbecause of this I have less time to record what I\'ve been doing and it\nall turns into to vicious circle. Fortunately I recently had some time\noff work and had a lovely holiday. During the holiday I ended up\nrecording some video which I decided I wanted to edit. I\'ve done some\nvideo editing in the past using various video editing packages. The best\nand most recent of which is shotcut.

\n

Specific details and\nequipment

\n

Video resolution 1920 x 1080, Codec h264 mpeg-4, Frame rate 30 frames\nper second.

\n

Computer Dell Optiplex 780. Fitted with 4 GB of internal RAM and\nonboard video graphics card.

\n

Shotcut version 22.06.23 Shotcut is a free open-source cross-platform\nvideo editor licenced under the GNU general public licence version\n3.0

\n

This episode will only cover basic shotcut video editing techniques.\nShotcut contains many advanced features and effects that will not be\ncovered in this episode. A lot of the workflow I’ll share with you today\nis intended to get around limitations imposed by my low spec PC

\n

I\'ll try my best to cover the video editing process in this podcast\nusing words alone; however I am conscious that an accompanying video\nwould make it easier to follow along.

\n

Shotcut workflow

\n

Start by creating a folder to hold all the required media files.\nAudio tracks and sound effects can be added to this folder later. Make\nsure all your video files are using the same frame rate in my case 30\nframes per second.

\n

Open each video file in VLC one at a time going through each video\nfile looking for the best portions of video. Make a note of where the\nbest portions of the video are by writing down the start and end points\nin minutes and seconds.

\n

I do this because the interface of VLC is more responsive than\nshortcut and the resolution of displayed video is far greater than the\npreview in shortcut. This makes it quicker and easier to find the best\nportions of video.

\n

Open shortcut and make sure the new project is set to the same frames\nper second as the media files you\'re working with, in my case 30 frames\nper second. You can check the frame rate of your project by looking at\nthe selected video mode in the new projects window. If you select\nautomatic it will ensure the project resolution and frame rate\nautomatically match that of your media files.

\n

Start by adding all the video files to the playlist, this can be done\nin a number of ways for example it can be done by clicking on the open\nfile button in the top toolbar or within the open files menu.\nAlternatively you can drag and drop files into the playlist. I find this\nto be the easiest way to add media files to a project. Once this is done\nsave your project.

\n

Drag the first file from the Playlist to the timeline making sure\nthat the start of the video starts at 0 seconds.

\n

Click on the timeline in the position where the first start point of\ninterest is needed. Use the S key to split the video at this point.\nDon\'t worry about being too accurate as this can be moved at a later\nstage.

\n

Repeat this process for the end point of interest.

\n

Repeat this again for all the other sections of start and end points\nof interest.

\n

Remove the unwanted sections of video by clicking on a section then\nhitting the delete key. This will remove the unwanted section leaving an\nempty space behind.

\n

Once all the unwanted sections are removed click on the sections of\nvideo and pull them to the left to close the gaps up. I find it useful\nto leave some space between the good sections of video as it makes it\neasier to see where splits are and makes it easier later on to rearrange\nthe order of the individual clips.

\n

Check the start and end points of the remaining sections of video to\nsee that the start and end points stop in the correct place. You can do\nthis by clicking the play button on the preview window. The video start\nand end points can be adjusted by dragging the section left or right in\nin the timeline section; this is where leaving spaces Between each\nsection of video can be handy as it allows for fine tuning.

\n

Add a new blank video track to the timeline to hold the next video.\nNote this wasn\'t required when adding the first video track but it is\nneeded for each subsequent track. A video track can be added by right\nclicking on an empty portion of the timeline and selecting add video\ntrack. Alternatively use the ctrl + I key.

\n

Drag your second video from the playlist onto the newly created blank\nvideo track in the timeline. As before make sure that the start of the\nvideo starts at 0 seconds.

\n

Before previewing any section of the second video track click the\nsmall eye shaped hide icon in the left section of the first video track\nlabelled output. This will prevent previewing both video tracks at the\nsame time.

\n

Repeat the process above of chopping the second video track into\nsections using the S key to split the video up. Remove the unwanted\nsections. Finally adjust the start and end points of the remaining\nsections.

\n

Repeat the steps above to add the remaining video files one at a time\nfrom the playlist to the timeline.

\n

When complete you end up with separate video tracks in the timeline\neach containing good sections of video.

\n

At this stage I can\'t be too specific about how to continue as there\nare a number of different options depending on your particular Project.\nYou can for example start by combining the good sections of video into\none video track by dragging them from one track to another then add if\nrequired an audio track or you can add the audio track first and then\ntry to sync things up to the audio track moving bits and pieces of video\ninto one video track remembering to hide the unwanted sections of video\nby clicking on the small hide eye icons. Don\'t do too much editing\nwithout saving the project. If you get a message about low memory save\nthe project then reopen it.

\n

To export the final video click on the export button in the toolbar.\nI pick the default option, this creates an H.264/AAC MP4 file suitable\nfor most users and purposes. You can check the frame rate is the same as\nyour original media files by clicking on the advanced tab. Click the\nexport file button and give it a file name. It may take some time to\ncreate the export file. This will be dependent on the speed of your\ncomputer and the length and resolution of your project.

\n

While Shotcut is far from perfect on my puny PC it is surprisingly\nusable and stable and is the best option I’ve found so far.

\n

Finally here are some general shotcut tips I have when doing video\nediting on a puny PC with limited ram, slow processor and built in\ngraphics card such as mine.

\n

General Tips\nwhen working with a low powered PC

\n

Close all open applications leaving only shortcut open this helps\nwith RAM usage

\n

Shortcut is surprisingly stable with a feeble PC such as mine. I\nwould still recommend saving your project regularly as it is quick and\nvery easy to do.

\n

If you get a message about running out of RAM then try not to do too\nmuch more editing before saving the project. Once saved close shotcut\nand then reopen it. The longer your project is and the higher your\nproject resolution the more RAM you will need.

\n

When you are about to export your final video save the project close\nshortcut reopen shotcut and immediately export your project as any\nprevious editing may be taking up precious ram.

\n

Be patient when clicking on the timeline to repositioned the play\nhead. Always wait for the preview window to update. This can sometimes\ntake a few seconds.

\n

When trying to sync video to audio you need to zoom in in quite a\nlong way before getting an audio preview. When doing this and moving the\nplay head you\'ll get a choppy version of the audio with this it is still\nperfectly possible to find the beat of the music allowing you to sync\nyour video to the music. If this doesn\'t seem to work for you then try\nzooming in closer.

\n

Ok that\'s about it for this podcast. Hope it wasn\'t too boring and it\nmade some sense. If you want to contact me I can be contacted at\nmrxathpr at googlemail.

\n

Thank you and goodbye.

\n',201,0,0,'CC-BY-SA','workflow, tips, video, editing, application',0,0,1), (3719,'2022-11-03','HPR News',594,'InfoSec; the language of security.','

InfoSec; the language of\nsecurity.

\n

What\nis Typosquatting and How Do Scammers Use it?

\n
    \n
  • Typosquatting, as an attack, uses modified or misspelled domain\nnames to trick users into visiting fraudulent websites; the heart of\nthis attack is domain name registration. Typosquatting is deployed by\nscammers to defraud unaware users. Attackers will attempt to: mimic\nlogin pages, redirect traffic, download malware, and extort users.
  • \n
  • Past Known Typosquatting Attacks.\n
      \n
    • Several\nMalicious Typosquatted Python Libraries Found On PyPI\nRepository
    • \n
    • Over\n700 Malicious Typosquatted Libraries Found On RubyGems\nRepository
    • \n
    • Security\nadvisory: malicious crate rustdecimal
    • \n
    • This\nWeek in Malware-Malicious Rust crate, \'colors\' Typosquats
    • \n
  • \n
  • Solutions to Typosquatting.\n
  • \n
  • DNS monitoring services.\n
      \n
    • Link to dnstwister: https://dnstwister.report/
    • \n
    • Link to whois: https://www.whois.com/whois
    • \n
  • \n
  • Password Managers.\n
      \n
    • Link to bitwarden: https://bitwarden.com/
    • \n
    • Link to keepassxc: https://keepassxc.org/
    • \n
  • \n
\n
\n

Two-factor and\nMultifactor Authentication.

\n
    \n
  • First, authentication. This is the process of verifying the\nvalidity of something; in our case, user credentials/identity. The most\ncommon way to authenticate is: USERNAME and PASSWORD.\nThis is just a single layer (single-factor authentication) and isn’t\nenough to discourage attackers.

  • \n
  • Second, 2FA (Two-factor Authentication). 2FA increases the\ndifficulty for attackers by providing users an additional layer of\nsecurity to accomplish authentication. Common 2FA methods are: TOTP/OTP\n(the One Time Password), Authenticator\nApplications (Bitwarden, KeePassXC,...), and Security Keys (Yubikey). This works similar to ATMs;\nto authenticate the user must provide both knowledge (account\nPIN) and a physical object (bank card).

  • \n
  • Last, but not least, MFA (Multifactor Authentication). Similar to\n2FA, MFA offers users security with the addition of biometrics\n(fingerprint scan, retina scan, facial recognition, and voice\nrecognition). Attackers must overcome the knowledge factor, Possession\nfactor, Inherence/Biometric factor, Time factor, and sometimes Location\nfactor.

  • \n
  • MORE helpful security information.

    \n
  • \n
  • 2FA/MFA Known Attacks.

    \n
      \n
    • Bots\nThat Steal Your 2FA Codes.
    • \n
    • hackers\nare cracking two-factor authentication
    • \n
  • \n
\n',391,0,0,'CC-BY-SA','InfoSec, Typosquatting, SFA, 2FA, MFA, Security',0,0,1), @@ -483,9 +483,9 @@ INSERT INTO `eps` (`id`, `date`, `title`, `duration`, `summary`, `notes`, `hosti (3899,'2023-07-13','Repair corrupt video files for free with untruc',320,'This is how I fixed corrupt video files from my dash cam after an accident','

My original blog post on this topic: https://pquirk.com/posts/corruptvideo/

\n
    \n
  • Untruc at Github: https://github.com/anthwlock/untrunc
  • \n
  • Windows version: https://github.com/anthwlock/untrunc/releases
  • \n
  • Arch linux version: https://aur.archlinux.org/packages/untrunc-git
  • \n
\n

Make your donations to:
\nhttps://www.paypal.com/paypalme/anthwlock
\nhttps://vcg.isti.cnr.it/~ponchio/untrunc.php

\n',383,0,0,'CC-BY-NC-SA','video,corrupt,fix,file,linux',0,0,1), (3921,'2023-08-14','HPR AudioBook Club 23 - John Carter of Mars (Books 1-3)',6516,'In this episode the HPR Audiobook Club discusses the first three books of John Carter of Mars','In\nthis episode the HPR Audiobook Club discusses the audiobooks A\nPrincess of Mars, The\nGods of Mars, and The\nWarlord of Mars by Edgar Rice Burroughs\n
\n

Non-Spoiler Thoughts

\n
\n
    \n
  • Burroughs is kind of verbose, which is symbolic of the time period\nin which it was written.
  • \n
\n

Beverage Reviews

\n
\n
    \n
  • Thaj: Tempting fate with a tall glass of the highly\ntoxic, Dihydrogen\nMonoxide
  • \n
  • x1101: Shipyard\nLittle Horror of Hops Its a very amber IPA
  • \n
  • Pokey: Yellow Tail\nChardonay Its definitely a chardonay in flavor. You can taste the\ncost effectiveness up front, but it mellows out on the finish, and is\npretty okay for the price on average.
  • \n
  • FiftyOneFifty: Funky Pumpkin spiced\npumpkin ale
  • \n
  • Mark: Lagunitas IPA
  • \n
\n

Things We Talked About

\n
\n
    \n
  • Chat Secure secure XMPP,\nThink of the children!!!

  • \n
  • Technology on Barsoom

  • \n
  • Deus Ex Machina much???

  • \n
  • Names in fantasy books

  • \n
\n

Our Next Audiobook

\n
\n

See\nYou At The Morgue by Lawrence Blochman

\n

The Next Audiobook Club\nRecording

\n
\n

Right now we are working through a backlog of older episode that have\nalready been recorded. Once that ends we fully anticipate recording new\nepisodes with listener participation.

\n

Feedback

\n
\n

Thank you very much for listening to this episode of the HPR\nAudioBookClub. We had a great time recording this show, and we hope you\nenjoyed it as well. We also hope you\'ll consider joining us next time we\nrecord a new episode. Please leave a few words in the episode\'s comment\nsection.

\n

As always; remember to visit the HPR contribution page HPR could\nreally use your help right now.

\n

Sincerely, The HPR Audiobook Club

\n

P.S. Some people really like finding mistakes. For their enjoyment,\nwe always include a few.

\n

Our Audio

\n
\n

This episode was processed using Audacity. We\'ve been making\nsmall adjustments to our audio mix each month in order to get the best\npossible sound. Its been especially challenging getting all of our\nvoices relatively level, because everyone has their own unique setup.\nMumble is great for bringing us all together, and for recording, but\nit\'s not good at making everyone\'s voice the same volume. We\'re pretty\nhappy with the way this month\'s show turned out, so we\'d like to share\nour editing process and settings with you and our future selves (who, of\ncourse, will have forgotten all this by then).

\n

We use the \"Truncate Silence\" effect with it\'s default settings to\nminimize the silence between people speaking. When used with it\'s\ndefault (or at least reasonable) settings, Truncate Silence is extremely\neffective and satisfying. It makes everyone sound smarter, it makes the\nfile shorter without destroying actual content, and it makes a\nconversations sound as easy and fluid during playback as it was while it\nwas recorded. It can be even more effective if you can train yourself to\nremain silent instead of saying \"uuuuummmm.\" Just remember to ONLY pass\nthe file through Truncate Silence ONCE. If you pass it through a second\ntime, or if you set it too aggressively your audio may sound sped up and\nchoppy.

\n

Next we use the \"Compressor\" effect with the following settings:

\n
Threshold: -30db\n\nNoise Floor: -50db\n\nRatio: 3:1\n\nAttack Time: 0.2sec\n\nDecay Time: 1.0 sec
\n

\"Make-up Gain for 0db after compressing\" and \"compress based on\npeaks\" were both left un-checked.

\n

After compressing the audio we cut any pre-show and post-show chatter\nfrom the file and save them in a separate file for possible use as\nouttakes after the closing music.

\n

We adjust the Gain so that the VU meter in Audacity hovers around\n-12db while people are speaking, and we try to keep the peaks under\n-6db, and we adjust the Gain on each of the new tracks so that all\nvolumes are similar, and more importantly comfortable. Once this is done\nwe can \"Mix and Render\" all of our tracks into a single track for export\nto the .FLAC file which is uploaded to the HPR server.

\n

At this point we listen back to the whole file and we work on the\nshownotes. This is when we can cut out anything that needs to be cut,\nand we can also make sure that we put any links in the shownotes that\nwere talked about during the recording of the show. We finish the\nshownotes before exporting the .aup file to .FLAC so that we can paste a\ncopy of the shownotes into the audio file\'s metadata.

\n

At this point we add new, empty audio tracks into which we paste the\nintro, outro and possibly outtakes, and we rename each track\naccordingly.

\n

Remember to save often when using Audacity. We like to save after\neach of these steps. Audacity has a reputation for being \"crashy\" but if\nyou remember save after every major transform, you will wonder how it\never got that reputation.

\n

Attribution

\n
\n

Record\nScratch Creative Commons 0

\n',157,0,1,'CC-BY-SA','mars, audiobook club, fiction, scifi, audiobook',0,0,1), (4151,'2024-07-01','HPR Community News for June 2024',0,'HPR Volunteers talk about shows released and comments posted in June 2024','',159,47,1,'CC-BY-SA','Community News',0,0,1), -(4176,'2024-08-05','HPR Community News for July 2024',0,'HPR Volunteers talk about shows released and comments posted in July 2024','',159,47,1,'CC-BY-SA','Community News',0,0,1), -(3902,'2023-07-18','Introduction to a new series on FFMPEG',474,'In this episode, I introduce FFMPEG, media containers, and codecs','

Links

\n\n\n',300,0,0,'CC-BY-SA','ffmpeg,video streaming,audio streaming',0,0,1); -INSERT INTO `eps` (`id`, `date`, `title`, `duration`, `summary`, `notes`, `hostid`, `series`, `explicit`, `license`, `tags`, `version`, `downloads`, `valid`) VALUES (3903,'2023-07-19','Why I don\'t love systemd (yet)',396,'Klaatu reads a script by Deepgeek about systemd','

I\'ve been meaning to put down my thoughts about SystemD for the HPR\ncommunity for some while, so here goes.

\n

I want to say that I am not a SystemD hater. When SystemD was a hot\ntopic of debate, many became irrational over it, but I want to start by\nsaying that I don\'t think it\'s a bad technology. I think it is a rather\ngood technology. I just don\'t want it on my personal computer. So I\nwould like to run things down in this order: what is it (as in, what is\nit really,) what makes it a good technology, why I don\'t want it now\n(but might later,) and a few tips for you if you decide that you don\'t\nwant it currently.

\n

SystemD Is not an init system. SystemD includes an init system.\nSystemD Init was faster than SysVInit, but SystemD Init isn\'t the\nfastest init system, and SysVInit now has a parallelization helper, at\nleast on Debian.

\n

So, if SystemD Init is not SystemD, than what is SystemD? To\nunderstand this we must first understand something about Linux. Linux\noperates under a model where there are root processes, and there are\nuser processes. These two kinds of processes are usually called\n\"layers.\" SystemD is actually a third layer, that can be called a system\nlayer. So when SystemD is added to a Linux system, that changes the\nsystem so that there are three layers, a root layer, a user layer, and a\nsystem layer. As such, you now ask SystemD to set how the system runs.\nThis is why SystemD includes things like an init system, because if you\nwant to change what the system is running, you ask SystemD to change it.\nSystemD then messages an appropriate system to implement the change,\nlike messaging its init system to bring up or bring down a system\ndaemon. Once you play out this in your head a bit, you really realize\nthat SystemD acts more like a message passing system in this regard.

\n

So why do I say SystemD is a good technology? Because this can\nstandardize system control. Without SystemD a fleet of computers becomes\nlike individual fingerprints or unique snowflakes. If you manage many\ncomputers, as many professional IT people do, you want them to all run\nthe same, all have the same profiles and general configurations. So if\nyou have a bunch of computers you are running, you can run a lot more if\nthey are all run the same way. If your job requires you to run 10,000\nwebservers, you want them to run identically because it is impossible to\nkeep an understanding of 10,000 unique configurations in a human\nhead.

\n

SystemD really shines in its support of virtualization as well. So\nto speak of servers, I used to run an email server for a few friends.\nEach of us had a userid and number as unix users. The mapping of unix\nuserids and postfix userids can get confusing when it gets big. Thanks\nto SystemD\'s virtualization work, you can actually put a service like\nemail into a namespace situation so that it has only the users root and\nthe daemon user id (like \"postfix\"), so SystemD greatly enhances\nsecurity for server installations. This might help explain its\ndominance in linux distributions that have been traditionally\nserver-centric, such as debian and redhat.

\n

So why don\'t I don\'t want it? Well, I\'ve been doing a lot of talking\nabout professional computer work and corporate work environments, but I\nuse a \"Personal Computer\" as a hobby. I\'ve been out-of-industry for\ndecades now. And when I say \"Personal Computer\" I\'m not talking a\nhardware specification, rather I\'m talking about \"This is my personal\ncomputer where I do things my way, as opposed to my work computer where\nI do things my companies way\". Dear listener, please remember that I did\nthe first community show contribution to HPR, and my topic was about\npersonalization. For me, a hobbyist interested in operating system\nexperimentation, I don\'t want a system layer, I want a traditional\nunix-like system that operates on a two-layer model and does things my\nway, nobody else\'s way.

\n

So, what advice can I give to those who don\'t want SystemD now? Well,\nrecently I\'ve left Debian. Debian, you see, supports init system\ndiversity, but as you now know dear listener, that is different than\nbeing without SystemD. You may have heard that SystemD is\nlinux-specific, that is to say that it runs only on linux, not anything\nlike a BSD system or a Windows system. But you may be curious to know\nthat it is also Gnu-libC specific. Which means that the C compiler must\nuse GNU\'s libC standard library. Thus, if you have a system built around\nthe Musl C standard library like Alpine or Void, or a system like\nAndroid that runs on the Bionic C Standard library, you wont have a\nSystemD system. I\'m personally learning Void as its package manager\nsupports both binary and a ports collection much like the BSD\'s. But\nthat is what I\'m doing on my personal computer, I leave you in the\nfreedom to do things your way on your personal computer!

\n\n',73,99,0,'CC-BY-SA','systemd,linux',0,0,1), +(4176,'2024-08-05','HPR Community News for July 2024',0,'HPR Volunteers talk about shows released and comments posted in July 2024','',159,47,1,'CC-BY-SA','Community News',0,0,1); +INSERT INTO `eps` (`id`, `date`, `title`, `duration`, `summary`, `notes`, `hostid`, `series`, `explicit`, `license`, `tags`, `version`, `downloads`, `valid`) VALUES (3902,'2023-07-18','Introduction to a new series on FFMPEG',474,'In this episode, I introduce FFMPEG, media containers, and codecs','

Links

\n\n\n',300,0,0,'CC-BY-SA','ffmpeg,video streaming,audio streaming',0,0,1), +(3903,'2023-07-19','Why I don\'t love systemd (yet)',396,'Klaatu reads a script by Deepgeek about systemd','

I\'ve been meaning to put down my thoughts about SystemD for the HPR\ncommunity for some while, so here goes.

\n

I want to say that I am not a SystemD hater. When SystemD was a hot\ntopic of debate, many became irrational over it, but I want to start by\nsaying that I don\'t think it\'s a bad technology. I think it is a rather\ngood technology. I just don\'t want it on my personal computer. So I\nwould like to run things down in this order: what is it (as in, what is\nit really,) what makes it a good technology, why I don\'t want it now\n(but might later,) and a few tips for you if you decide that you don\'t\nwant it currently.

\n

SystemD Is not an init system. SystemD includes an init system.\nSystemD Init was faster than SysVInit, but SystemD Init isn\'t the\nfastest init system, and SysVInit now has a parallelization helper, at\nleast on Debian.

\n

So, if SystemD Init is not SystemD, than what is SystemD? To\nunderstand this we must first understand something about Linux. Linux\noperates under a model where there are root processes, and there are\nuser processes. These two kinds of processes are usually called\n\"layers.\" SystemD is actually a third layer, that can be called a system\nlayer. So when SystemD is added to a Linux system, that changes the\nsystem so that there are three layers, a root layer, a user layer, and a\nsystem layer. As such, you now ask SystemD to set how the system runs.\nThis is why SystemD includes things like an init system, because if you\nwant to change what the system is running, you ask SystemD to change it.\nSystemD then messages an appropriate system to implement the change,\nlike messaging its init system to bring up or bring down a system\ndaemon. Once you play out this in your head a bit, you really realize\nthat SystemD acts more like a message passing system in this regard.

\n

So why do I say SystemD is a good technology? Because this can\nstandardize system control. Without SystemD a fleet of computers becomes\nlike individual fingerprints or unique snowflakes. If you manage many\ncomputers, as many professional IT people do, you want them to all run\nthe same, all have the same profiles and general configurations. So if\nyou have a bunch of computers you are running, you can run a lot more if\nthey are all run the same way. If your job requires you to run 10,000\nwebservers, you want them to run identically because it is impossible to\nkeep an understanding of 10,000 unique configurations in a human\nhead.

\n

SystemD really shines in its support of virtualization as well. So\nto speak of servers, I used to run an email server for a few friends.\nEach of us had a userid and number as unix users. The mapping of unix\nuserids and postfix userids can get confusing when it gets big. Thanks\nto SystemD\'s virtualization work, you can actually put a service like\nemail into a namespace situation so that it has only the users root and\nthe daemon user id (like \"postfix\"), so SystemD greatly enhances\nsecurity for server installations. This might help explain its\ndominance in linux distributions that have been traditionally\nserver-centric, such as debian and redhat.

\n

So why don\'t I don\'t want it? Well, I\'ve been doing a lot of talking\nabout professional computer work and corporate work environments, but I\nuse a \"Personal Computer\" as a hobby. I\'ve been out-of-industry for\ndecades now. And when I say \"Personal Computer\" I\'m not talking a\nhardware specification, rather I\'m talking about \"This is my personal\ncomputer where I do things my way, as opposed to my work computer where\nI do things my companies way\". Dear listener, please remember that I did\nthe first community show contribution to HPR, and my topic was about\npersonalization. For me, a hobbyist interested in operating system\nexperimentation, I don\'t want a system layer, I want a traditional\nunix-like system that operates on a two-layer model and does things my\nway, nobody else\'s way.

\n

So, what advice can I give to those who don\'t want SystemD now? Well,\nrecently I\'ve left Debian. Debian, you see, supports init system\ndiversity, but as you now know dear listener, that is different than\nbeing without SystemD. You may have heard that SystemD is\nlinux-specific, that is to say that it runs only on linux, not anything\nlike a BSD system or a Windows system. But you may be curious to know\nthat it is also Gnu-libC specific. Which means that the C compiler must\nuse GNU\'s libC standard library. Thus, if you have a system built around\nthe Musl C standard library like Alpine or Void, or a system like\nAndroid that runs on the Bionic C Standard library, you wont have a\nSystemD system. I\'m personally learning Void as its package manager\nsupports both binary and a ports collection much like the BSD\'s. But\nthat is what I\'m doing on my personal computer, I leave you in the\nfreedom to do things your way on your personal computer!

\n\n',73,99,0,'CC-BY-SA','systemd,linux',0,0,1), (3904,'2023-07-20','How to make friends',2861,'This topic is being actively researched. Not for production use.','

Show notes

\n
    \n
  • \n

    No clear mark of when friendship starts

    \n
  • \n
  • \n

    often feels \"right\" when mutual

    \n
  • \n
  • \n

    to some people friendship is a persistent state. once you have it, it's forever unless explicitly dissolved.

    \n
  • \n
  • \n

    for other people, it's something requiring maintenance. arguable this suggests that there are degrees of friendship, based on when you last spoke to one another.

    \n
  • \n
  • \n

    degrees of friendship also suggests progression. friend → close friend → best friend.

    \n
  • \n
\n

how to make a friend

\n

friendship requires communication.

\n
    \n
  • \n

    start by communicating in some way that makes the other person feel not unpleasant

    \n
  • \n
  • \n

    you're not supposed to target a friend. this can be a frustrating rule, because if you're trying to make a friend, you have to target somebody, but the general consensus is that you're not supposed to \"try too hard\". target lots of people in the hopes of stumbling across somebody to befriend.

    \n
  • \n
  • \n

    complimenting something they have done, even if it's something simple like wearing a cool shirt, is a very easy start

    \n
  • \n
  • \n

    finding ground common allows for repeated communication

    \n
  • \n
  • \n

    repetition of this is what builds friendship. this is why friendships often develop at work, but can dissolve quickly after a job change.

    \n
  • \n
  • \n

    the situation matters. chatting with someone who's being paid to interact with you, like somebody working at a store, doesn't count because in context they more or less cannot choose to stop communicating with you until you leave the store. chatting with someone who has anything to gain by chatting with you doesn't count (like an intern at work).

    \n
  • \n
  • \n

    to speed up a developing friendship, you can invite the person to interact with you on something with a clearly defined goal. You like coding? I like coding! Would you care to collaborate for 4 hours on a script that would help me find my Raspberry Pi on my network?

    \n
  • \n
  • \n

    during the activity, continue to communicate. this can be difficult because you're doing an activity that you both claim to enjoy, so in theory the activity should be sufficient to further the friendship. However, the activity doesn't build the friendship, it only builds a partnership. It's the communication that builds friendship.

    \n
  • \n
\n

unfortunately, there's no clear point during this process at which you know you have made a friend. so you have to define what a friend is, to you, and then work toward that goal.

\n

Here are some examples of definitions for friendship. There is no right or wrong here, it's really just setting your own expectations and requirements:

\n
    \n
  • \n

    A friend is someone to hang out with on sundays.

    \n
  • \n
  • \n

    A friend is someone I can call when I've got some free time to kill.

    \n
  • \n
  • \n

    A friend is someone I can play video games with online.

    \n
  • \n
  • \n

    A friend is someone I can call, day or night, when I need help.

    \n
  • \n
  • \n

    A friend is someone who has come over for dinner, and has met my family, and who I see at least once a month.

    \n
  • \n
\n

There's no official definition, so you must define it yourself.\nYour definition may differ from the other person's definition.\nYou might say \"we are best friends\" but they might say \"no, I already have a best friend, but you're a good friend\" and THAT'S OK.

\n

If it helps, classify what kinds of friends you have so you understand what kinds of relationships you are maintaining.\nCommunicate with your friends, even if it's only to let them know that you're bad at communicating on a regular basis, or ask them how frequently they need to communicate to maintain a healthy friendship.

\n',78,108,0,'CC-BY-SA','autism,friendship,relationship,social engineering',0,0,1), (3905,'2023-07-21','Presenting Fred Black',1105,'I have a short talk to present Fred Black.','
    \n
  • IB-program https://ibo.org/
  • \n
  • Animals To The Max https://corbinmaxey.com/podcast-1
  • \n
  • I Spend A Day With... https://feeds.megaphone.fm/ispentadaywith
  • \n
  • The Vinyl Guide https://www.thevinylguide.com/
  • \n
  • NSOD - Norsken, Svensken og Dansken https://podkast.nrk.no/program/norsken_svensken_og_dansken.rss
  • \n
\n',309,0,0,'CC-BY-SA','school,podcasts,instrument,quiz',0,0,1), (3906,'2023-07-24','The Oh No! News.',1741,'Sgoti discusses the threat of convenience.','

The Oh No! news.

\n

Oh No! News is Good\nNews.

\n
    \n
  • TAGS: Oh No News, InfoSec, browser security,\nsession tokens, session id
  • \n
\n
\n

InfoSec; the language\nof security.

\n
    \n
  • Source: Session ID.
    \n
  • \n
  • Source: JSON Web\nToken.
    \n\n
      \n
    • Terms\nof Use: Copyleft, free content
      \n
    • \n
  • \n
  • Source: Session\nvs Token Based Authentication.
    \n\n
      \n
    • Terms\nof Use: CC-BY-SA (with CC-BY-NC-SA elements).
      \n
    • \n
  • \n
  • Source: Steal Application\nAccess Token. Adversaries can steal application access tokens as a\nmeans of acquiring credentials to access remote systems and resources.\nApplication access tokens are used to make authorized API requests on\nbehalf of a user or service and are commonly used as a way to access\nresources in cloud and container-based applications and\nsoftware-as-a-service (SaaS).
    \n\n
      \n
    • Terms of\nUse: Similar to CC-BY-SA
      \n
    • \n
  • \n
  • Source: Analysis:\nCircleCI attackers stole session cookie to bypass MFA.
    \n\n
      \n
    • Terms of\nUse: Section 8. CONTENT AND CONTENT LICENSES. NOT\ncertain
      \n
    • \n
  • \n
  • Source: How to Prevent\nSession Hijacking?
    \n\n
  • \n
\n
\n
    \n
  • Additional Information.\n
      \n
    • What is a \"Data\nBreach\"? A data breach is a security violation, in which sensitive,\nprotected or confidential data is copied, transmitted, viewed, stolen,\naltered or used by an individual unauthorized to do so.
    • \n
    • What is \"Malware\"?\nMalware (a portmanteau for\nmalicious software) is any software intentionally designed to cause\ndisruption to a computer, server, client, or computer network, leak\nprivate information, gain unauthorized access to information or systems,\ndeprive access to information, or which unknowingly interferes with the\nuser\'s computer security and privacy.
    • \n
    • What is a \"Payload\"?\nIn the context of a computer virus or worm, the payload is the portion\nof the malware which performs malicious action; deleting data, sending\nspam or encrypting data. In addition to the payload, such malware also\ntypically has overhead code aimed at simply spreading itself, or\navoiding detection.
    • \n
    • What is \"Phishing\"?\nPhishing is a form of social engineering\nwhere attackers deceive people into revealing sensitive information or\ninstalling malware such as ransomware. Phishing\nattacks have become increasingly sophisticated and often transparently\nmirror the site being targeted, allowing the attacker to observe\neverything while the victim is navigating the site, and transverse any\nadditional security boundaries with the victim.
    • \n
    • Social\nengineering (security) In the context of information security,\nsocial engineering is the psychological\nmanipulation of people into performing actions or divulging\nconfidential information. A type of confidence trick for the purpose of\ninformation gathering, fraud, or system access, it differs from a\ntraditional \"con\" in that it is often one of many steps in a more\ncomplex fraud scheme.
      \n
    • \n
    • What is \"Information\nSecurity\" (InfoSec)? Information security, sometimes shortened to\nInfoSec, is the practice of protecting information by mitigating information risks. It\nis part of information risk\nmanagement.\n
        \n
      • Information Security Attributes: Confidentiality, Integrity and Availability (C.I.A.).\nInformation Systems are composed in three main portions, hardware,\nsoftware and communications with the purpose to help identify and apply\ninformation security industry standards, as mechanisms of protection and\nprevention, at three levels or layers: physical, personal and\norganizational. Essentially, procedures or policies are implemented to\ntell administrators, users and operators how to use products to ensure\ninformation security within the organizations.
      • \n
    • \n
    • What is \"Risk\nmanagement\"? Risk management is the identification, evaluation, and\nprioritization of risks followed by coordinated and economical\napplication of resources to minimize, monitor, and control the\nprobability or impact of unfortunate events or to maximize the\nrealization of opportunities.
    • \n
    • What is a \"Vulnerability\"\n(computing)? Vulnerabilities are flaws in a computer system that\nweaken the overall security of the device/system. Vulnerabilities can be\nweaknesses in either the hardware itself, or the software that runs on\nthe hardware.
    • \n
    • What is an \"Attack\nSurface\"? The attack surface of a software environment is the sum of\nthe different points (for \"attack vectors\") where an unauthorized user\n(the \"attacker\") can try to enter data to or extract data from an\nenvironment. Keeping the attack surface as small as possible is a basic\nsecurity measure.
    • \n
    • What is an \"Attack\nVector\"? In computer security, an attack vector is a specific path,\nmethod, or scenario that can be exploited to break into an IT system,\nthus compromising its security. The term was derived from the\ncorresponding notion of vector in biology. An attack vector may be\nexploited manually, automatically, or through a combination of manual\nand automatic activity.
    • \n
    • What is\n\"Standardization\"? Standardization is the process of implementing\nand developing technical standards based on the consensus of different\nparties that include firms, users, interest groups, standards\norganizations and governments. Standardization can help maximize\ncompatibility, interoperability, safety, repeatability, or quality. It\ncan also facilitate a normalization of formerly custom processes.\n
    • \n
    • What is a \"Replay\nattack\"? A replay attack is a form of network attack in which valid\ndata transmission is maliciously or fraudulently repeated or delayed.\nAnother way of describing such an attack is: \"an attack on a security\nprotocol using a replay of messages from a different context into the\nintended (or original and expected) context, thereby fooling the honest\nparticipant(s) into thinking they have successfully completed the\nprotocol run.\"
    • \n
    • What is a\n\"Man-in-the-middle attack\"? In cryptography and computer security, a\nman-in-the-middle, ..., attack is a cyberattack where the attacker\nsecretly relays and possibly alters the communications between two\nparties who believe that they are directly communicating with each\nother, as the attacker has inserted themselves between the two\nparties.
    • \n
    • What is \"Transport Layer\nSecurity\" (TLS)? Transport Layer Security (TLS) is a cryptographic\nprotocol designed to provide communications security over a computer\nnetwork. The protocol is widely used in applications such as email,\ninstant messaging, and voice over IP, but its use in securing HTTPS\nremains the most publicly visible.
    • \n
    • What is a \"Handshake\"\n(computing)?. In computing, a handshake is a signal between two\ndevices or programs, used to, e.g., authenticate, coordinate. An example\nis the handshaking between a hypervisor and an application in a guest\nvirtual machine.
    • \n
    • What is Security\ntheater? The practice of taking security measures that are\nconsidered to provide the feeling of improved security while doing\nlittle or nothing to achieve it.
      \n
    • \n
  • \n
\n
\n\n',391,74,0,'CC-BY-SA','Oh No News, InfoSec, browser security, session tokens, session id',0,0,1), diff --git a/sql/hpr-db-part-15.sql b/sql/hpr-db-part-15.sql index c6509f2..dbd03a8 100644 --- a/sql/hpr-db-part-15.sql +++ b/sql/hpr-db-part-15.sql @@ -487,4 +487,4 @@ UNLOCK TABLES; /*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2023-11-21 3:52:48 +-- Dump completed on 2023-11-22 7:13:02 diff --git a/sql/hpr.sql b/sql/hpr.sql index 4871ccf..a4606bb 100644 --- a/sql/hpr.sql +++ b/sql/hpr.sql @@ -20298,7 +20298,7 @@ INSERT INTO `eps` (`id`, `date`, `title`, `duration`, `summary`, `notes`, `hosti (3712,'2022-10-25','The last ever CCHits.net Show',5756,'The team talk about the nearly 12 years of producing CCHits.net.','
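Review bot: in the `@@ -483,9 +483,9 @@` hunk of sql/hpr-db-part-14.sql, the three removed and three added lines differ only in where the multi-row INSERT is split. Row 4176 now ends with `;` instead of `,`, and the `INSERT INTO eps (...) VALUES` header moves from in front of row 3903 to in front of row 3902. Rows 3902 and 3903 are re-emitted in full, and their notes text reads the same on both sides. The result is that a statement-boundary shift shows up as a large delete-and-add, and a reviewer cannot tell from the diff whether any show notes were altered. If the dump comes from mysqldump, writing one row per statement with `--skip-extended-insert`, or splitting the part files on fixed id boundaries, would keep unchanged rows out of future diffs.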
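Review bot: the only change to sql/hpr-db-part-15.sql is the trailing comment, `-- Dump completed on 2023-11-21 3:52:48` becoming `-- Dump completed on 2023-11-22 7:13:02`, so the file is marked modified on every run even though no data in it changed. That makes it harder to spot commits where this part really did change. If the dump is produced by mysqldump, `--skip-dump-date` drops the timestamp from the footer; the commit date already records when the dump was taken.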

Over 12 years ago, Jon \"The Nice Guy\"\nSpriggs went to a \"Pod Crawl\" with (among others) Dave \"The Love Bug\" Lee, where he\npitched the idea of a daily music promotion show, with a twist - it\nwould all be automated, and use text-to-speech to introduce\neverything.

\n

The first show was released\non 2010-10-24 and the last ever show (this one) was released on\n2022-10-12.

\n

Over the twelve years, Jon would go on to meet to meet Yannick and Ken Fallon, both\nof whom would go on to shape changes (big and small) to CCHits.

\n

This year, the cracks started to re-appear in the architecture\nunderneath CCHits - between APIs shutting down that were used to load\ntracks to CCHits, and the general framework being used to write CCHits\nnot receiving the care and attention it needed... and the team finally\ndecided to stop adding new tracks, and let the process build the last\nfew shows.

\n

This podcast gives you a peek behind the curtain to the team involved\nin the system, and gives you some of the high- and low-lights in the 12\nyears the site ran for.

\n',413,0,0,'CC-BY','music,creative commons,podcast',0,0,1), (3724,'2022-11-10','My top Android apps',579,'I walk through the top apps on my phone','

My most used apps

\n

AIO Launcher

\n\n

\"Main

\n

\n

\n

Termux: Terminal\nemulator with packages

\n\n

QKSMS Messaging

\n\n

Firefox browser

\n
    \n
  • Firefox browser
  • \n
\n

Opera browser

\n
    \n
  • Opera browser
  • \n
\n

Brave browser

\n
    \n
  • Brave browser
  • \n
\n

Clear Scanner PDF scanner and\nOCR

\n\n

Antennapod

\n\n

Tusky

\n\n

K-9 mail client

\n\n

Viber

\n
    \n
  • Viber

    \n
      \n
    • Android and Fedora/Ubuntu desktop app
    • \n
    • App image
    • \n
  • \n
\n

Audio recorder

\n\n

X-plore dual-pane file\nmanager

\n
    \n
  • X-plore dual-pane file\nmanager
  • \n
\n

Librera E-book Reader: for\nPDF, EPUB

\n
    \n
  • Librera E-book Reader

    \n
      \n
    • Books\n
        \n
      • Star Wars: Dark Tide I: Onslaught

        \n

        The New Jedi Order #2

        \n
          \n
        • Star Wars Dark Tide I:\nOnslaught
        • \n
      • \n
      • Boba Fett: A Practical Man

        \n
          \n
        • Boba Fett: A Practical Man
        • \n
      • \n
    • \n
  • \n
\n

Multi Timer

\n
    \n
  • Multi Timer
  • \n
\n

US Amateur Radio Band Plan

\n
    \n
  • US Amateur Radio Band Plan

    \n
      \n
    • Quick reference of band and privilege restrictions
    • \n
  • \n
\n',318,0,0,'CC-BY-SA','Android, Android apps, Mobile phone, Custom launcher',0,0,1), (3725,'2022-11-11','How to use OSMAnd with Public Transport ',124,'Ken shows you how to use this mapping tool to display transit routes in your area.','

\r\n\"\"
\r\nMap of Dublin showing the Temple Bar tourist area. A red arrow points to where you can change the profile.\r\n

\r\n

\r\n\"\"
\r\nWith the Configure Map > Profile selection menu open, a red square surrounds the Bus icon to indicate the \"public transport\" profile is now selected.\r\n

\r\n

\r\n\"\"
\r\nThe map now opens to show more information about public transport is now displayed on the map. This is highlighted with a red square.
\r\nClicking the bustop (highlighted with a red circle ) will show more information about the routes available at this location.\r\n

\r\n

\r\n\"\"
\r\nOnce the transport stop is selected, a list of all the routes that service this location are displayed. Along with other routes that are available within a short distance.\r\n

\r\n

\r\n\"\"
\r\nClicking any of the routes numbers/names will give a zoomed out map showing in red the route many of the stops towards it\'s source and destination.\r\n

\r\n',30,0,0,'CC-BY-SA','OSMAnd, OSM, Maps, Public Transport',0,0,1), -(4001,'2023-12-04','HPR Community News for November 2023',0,'HPR Volunteers talk about shows released and comments posted in November 2023','\n\n

New hosts

\n

\nThere were no new hosts this month.\n

\n\n

Last Month\'s Shows

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
IdDayDateTitleHost
3978Wed2023-11-01Driving in Virginia.Some Guy On The Internet
3979Thu2023-11-02FireStick and ad blockingoperat0r
3980Fri2023-11-03Huntsville to VicksburgAhuka
3981Mon2023-11-06HPR Community News for October 2023HPR Volunteers
3982Tue2023-11-07Conversation with ChatGPTArcher72
3983Wed2023-11-08ChatGPT Output is not compatible with CC-BY-SAKen Fallon
3984Thu2023-11-09Whoppers. How Archer72 and I made moonshine. Volume one.Some Guy On The Internet
3985Fri2023-11-10Bash snippet - be careful when feeding data to loopsDave Morriss
3986Mon2023-11-13Optical media is not deadArcher72
3987Tue2023-11-14The Grim DawnSome Guy On The Internet
3988Wed2023-11-15Beeper.comoperat0r
3989Thu2023-11-16LastPass Security Update 1 November 2023Ahuka
3990Fri2023-11-17Playing Alpha Centauri, Part 2Ahuka
3991Mon2023-11-20YOU ARE A PIRATE operat0r
3992Tue2023-11-21Test recording on a wireless micArcher72
3993Wed2023-11-22z80 membership cardBrian in Ohio
3994Thu2023-11-23Lastpass Responseoperat0r
\n\n

Comments this month

\n\n

These are comments which have been made during the past month, either to shows released during the month or to past shows.\nThere are 4 comments in total.

\n\n

This month\'s shows

\n

There are 4 comments on 4 of this month\'s shows:

\n\n\n

Mailing List discussions

\n

\nPolicy decisions surrounding HPR are taken by the community as a whole. This\ndiscussion takes place on the Mail List which is open to all HPR listeners and\ncontributors. The discussions are open and available on the HPR server under\nMailman.\n

\n

The threaded discussions this month can be found here:

\nhttps://lists.hackerpublicradio.com/pipermail/hpr/2023-November/thread.html\n\n\n

Events Calendar

\n

With the kind permission of LWN.net we are linking to\nThe LWN.net Community Calendar.

\n

Quoting the site:

\n
This is the LWN.net community event calendar, where we track\nevents of interest to people using and developing Linux and free software.\nClicking on individual events will take you to the appropriate web\npage.
\n\n

Any other business

\n

Example section

\n
    \n
  • Bulleted list item 1

  • \n
  • Bulleted list item 2

  • \n
\n\n\n',159,47,1,'CC-BY-SA','Community News',0,0,1), +(4001,'2023-12-04','HPR Community News for November 2023',0,'HPR Volunteers talk about shows released and comments posted in November 2023','\n\n

New hosts

\n

\nThere were no new hosts this month.\n

\n\n

Last Month\'s Shows

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
IdDayDateTitleHost
3978Wed2023-11-01Driving in Virginia.Some Guy On The Internet
3979Thu2023-11-02FireStick and ad blockingoperat0r
3980Fri2023-11-03Huntsville to VicksburgAhuka
3981Mon2023-11-06HPR Community News for October 2023HPR Volunteers
3982Tue2023-11-07Conversation with ChatGPTArcher72
3983Wed2023-11-08ChatGPT Output is not compatible with CC-BY-SAKen Fallon
3984Thu2023-11-09Whoppers. How Archer72 and I made moonshine. Volume one.Some Guy On The Internet
3985Fri2023-11-10Bash snippet - be careful when feeding data to loopsDave Morriss
3986Mon2023-11-13Optical media is not deadArcher72
3987Tue2023-11-14The Grim DawnSome Guy On The Internet
3988Wed2023-11-15Beeper.comoperat0r
3989Thu2023-11-16LastPass Security Update 1 November 2023Ahuka
3990Fri2023-11-17Playing Alpha Centauri, Part 2Ahuka
3991Mon2023-11-20YOU ARE A PIRATE operat0r
3992Tue2023-11-21Test recording on a wireless micArcher72
3993Wed2023-11-22z80 membership cardBrian in Ohio
3994Thu2023-11-23Lastpass Responseoperat0r
3995Fri2023-11-24Creating Your Own Internet Radio Streaming DeviceClaudio Miranda
3996Mon2023-11-27Holiday Challenges Series - Ep 1 - Advent of CodeTrey
3997Tue2023-11-28The Oh No! News.Some Guy On The Internet
3999Thu2023-11-30Holiday Challenges Series Ep 02 TryHackMe Advent of Cyber ChallengeTrey
\n\n

Comments this month

\n\n

These are comments which have been made during the past month, either to shows released during the month or to past shows.\nThere are 4 comments in total.

\n\n

This month\'s shows

\n

There are 4 comments on 4 of this month\'s shows:

\n\n\n

Mailing List discussions

\n

\nPolicy decisions surrounding HPR are taken by the community as a whole. This\ndiscussion takes place on the Mail List which is open to all HPR listeners and\ncontributors. The discussions are open and available on the HPR server under\nMailman.\n

\n

The threaded discussions this month can be found here:

\nhttps://lists.hackerpublicradio.com/pipermail/hpr/2023-November/thread.html\n\n\n

Events Calendar

\n

With the kind permission of LWN.net we are linking to\nThe LWN.net Community Calendar.

\n

Quoting the site:

\n
This is the LWN.net community event calendar, where we track\nevents of interest to people using and developing Linux and free software.\nClicking on individual events will take you to the appropriate web\npage.
\n\n

Any other business

\n

Example section

\n
    \n
  • Bulleted list item 1

  • \n
  • Bulleted list item 2

  • \n
\n\n\n',159,47,1,'CC-BY-SA','Community News',0,0,1), (3714,'2022-10-27','The News with Some Guy On the Internet',609,'Threat Analysis','

Threat Analysis; your\nattack surface.

\n

The Hacker News

\nNew\nChinese Malware Attack Framework Targets Windows, macOS, and Linux\nSystems.\n

A previously undocumented command-and-control (C2) framework dubbed\nAlchimist is likely being used in the wild to target Windows, macOS, and\nLinux systems.

\n

\"Alchimist C2 has a web interface written in Simplified Chinese and\ncan generate a configured payload, establish remote sessions, deploy\npayloads to the remote machines, capture screenshots, perform remote\nshellcode execution, and run arbitrary commands,\" Cisco Talos said in a\nreport shared with The Hacker News. Written in GoLang, Alchimist is\ncomplemented by a beacon implant called Insekt, which comes with remote\naccess features that can be instrumented by the C2 server.”

\n

\"Since Alchimist is a single-file based ready-to-go C2 framework, it\nis difficult to attribute its use to a single actor such as the authors,\nAPTs, or crimeware syndicates.\"

\n

The trojan, for its part, is equipped with features typically present\nin backdoors of this kind, enabling the malware to get system\ninformation, capture screenshots, run arbitrary commands, and download\nremote files, among others.

\n

Alchimist C2 panel further features the ability to generate first\nstage payloads, including PowerShell and wget code snippets for Windows\nand Linux, potentially allowing an attacker to flesh out their infection\nchains to distribute the Insekt RAT binary. The instructions could then\nbe potentially embedded in a maldoc attached to a phishing email that,\nwhen opened, downloads and launches the backdoor on the compromised\nmachine. What\'s more, the Linux version of Insekt is capable of listing\nthe contents of the \".ssh\" directory and even adding new SSH keys to the\n\"~/.ssh/authorized_keys\" file to facilitate remote access over SSH.

\n

The Hacker News

\nHackers\nUsing Vishing to Trick Victims into Installing Android Banking\nMalware.\n

Malicious actors are resorting to voice phishing (vishing) tactics to\ndupe victims into installing Android malware on their devices.

\n

The Dutch mobile security company said it identified a network of\nphishing websites targeting Italian online-banking users that are\ndesigned to get hold of their contact details.

\n

Telephone-oriented attack delivery (TOAD), as the social engineering\ntechnique is called, involves calling the victims using previously\ncollected information from the fraudulent websites.

\n

The caller, who purports to be a support agent for the bank,\ninstructs the individual on the other end of the call to install a\nsecurity app and grant it extensive permissions, when, in reality, it\'s\nmalicious software intended to gain remote access or conduct financial\nfraud.

\n

What\'s more, the infrastructure utilized by the threat actor has been\nfound to deliver a second malware named SMS Spy that enables the\nadversary to gain access to all incoming SMS messages and intercept\none-time passwords (OTPs) sent by banks.

\n

The new wave of hybrid fraud attacks presents a new dimension for\nscammers to mount convincing Android malware campaigns that have\notherwise relied on traditional methods such as Google Play Store\ndroppers, rogue ads, and smishing.

\n

The Hacker News

\n64,000\nAdditional Patients Impacted by Omnicell Data Breach - What is Your Data\nBreach Action Plan?\n

Founded in 1992, Omnicell is a leading provider of medication\nmanagement solutions for hospitals, long-term care facilities, and\nretail pharmacies. On May 4, 2022, Omnicell\'s IT systems and third-party\ncloud services were affected by ransomware attacks which may lead to\ndata security concerns for employees and patients. While it is still\nearly in the investigation, this appears to be a severe breach with\npotentially significant consequences for the company.

\n

Omnicell began informing individuals whose information may have been\ncompromised on August 3, 2022. Hackers may be able to access and sell\npatient-sensitive information, such as social security numbers, due to\nthe time delay between the breach and the company\'s report of affected\npatients.

\n

The type of information that may be exposed are:

\n
    \n
  • Credit card information.
  • \n
  • Financial information.
  • \n
  • Social security numbers.
  • \n
  • Driver\'s license numbers.
  • \n
  • Health insurance details.
  • \n
\n

The healthcare industry is one of the most targeted sectors globally,\nwith attacks doubling year over year. And these costs are measured in\nmillions or even billions of dollars - not to mention increased risks\nfor patients\' privacy (and reputation).

\n

The Washington Post

\n

How to\nprotect schools getting whacked by ransomware.

\n

Ransomware gangs are taking Americans to school. So far this year,\nhackers have taken hostage at least 1,735 schools in 27 districts; the\nmassive Los Angeles Unified School District is their latest target.

\n

Ransomware hackers breach computers, lock them up, steal sensitive\ndata and demand money to release their hold on organizations’ critical\nsystems. These criminals often attack schools because they are\nprofitable targets. If all ransomware victims refused to pay, the\nattacks would stop. Indeed, paying up might be illegal: The Treasury\nDepartment released guidance last year noting that giving money to\nglobal criminal organizations can violate sanctions law.

\n

The trouble is, saying no isn’t always easy. Los Angeles didn’t\ncapitulate, and the criminals leaked a trove of data — a consequence\nthat can prove more or less serious depending on the sensitivity of the\nstolen information.

\n

“Because we can,” said a representative of the ransomware gang that\ntook down Los Angeles Unified School District, explaining the\ncollective’s motivations to a Bloomberg News reporter. Schools’ task is\nto turn “can” to “can’t” — or, at least, to make success pay a whole lot\nless.

\n

CNET News.

\nVerizon\nAlerts Prepaid Customers to Recent Security Breach.\n

Verizon notified prepaid customers this week of a recent cyberattack\nthat granted third-party actors access to their accounts, as reported\nearlier Tuesday by BleepingComputer. The attack occurred between Oct. 6\nand Oct. 10 and affected 250 Verizon prepaid customers.

\n

The breach exposed the last four digits of customers\' credit cards\nused to make payments on their prepaid accounts. While no full credit\ncard information was accessible, the information was enough to grant the\nattackers access to Verizon user accounts, which hold semi-sensitive\ndata such \"name, telephone number, billing address, price plans, and\nother service-related information,\" per a notice from Verizon.

\n

Account access also potentially enabled attackers to process\nunauthorized SIM card changes on prepaid lines. Also known as SIM\nswapping, unauthorized SIM card changes can allow for the transfer of an\nunsuspecting person\'s phone number to another phone.

\n

From there, the counterfeit phone can be used to receive SMS messages\nfor password resets and user identification verifications on other\naccounts, giving attackers potential access to any account they have, or\ncan guess, the username for. Consequently, Verizon recommended affected\ncustomers secure their non-Verizon accounts such as social media,\nfinancial, email and other accounts that allow for password resets by\nphone.

\n',391,0,0,'CC-BY-SA','Threat Analysis, Security Breach, Ransomware, Data Breach, TOAD',0,0,1), (3717,'2022-11-01','Video editing with Shotcut on a low end PC',695,'In this episode I explain how I use the shotcut video editor to edit video on a low end PC.','

Links

\n

Shotcut video editor website

\n

Useful\nShortcut keys for the Shotcut video editor

\n
C = copy\nV = paste\nA = duplicate\nX = ripple delete\nCtrl + X = ripple delete but send to clipboard\nS = split
\n

Tip not covered in my\nPodcast

\n

Splits are not fixed and can be adjusted. Once you\'ve split up clips\nand put them in the right order on the timeline you can still adjust the\ncut point even though you previously split the clip because the clip is\nreferenced to the original file in the playlist.

\n

Introduction

\n

Hello and welcome Hacker Public Radio audience my name is Mr X\nwelcome to this podcast. As per usual I\'d like to start by thanking the\npeople at HPR for making this podcast possible. HPR is a Community led\npodcast provided by the community for the community that means you can\ncontribute to. The HPR team have gone to great deal of effort to\nsimplify and streamline the process of providing podcasts. There are\nmany ways to record an episode these days using phones tablets PCs and\nalike. The hardest barrier is sending in your first show. Don\'t get too\nhung up about quality, it\'s more important just to send something in.\nThe sound quality of some of my early shows wasn\'t very good. If I can\ndo it anyone can and you might just get hooked in the process.

\n

Well it\'s been almost a year since I\'ve sent in a show. Looking at\nthe HPR site my last episode was back in November 2021. I suspect like\nmany others life has become more complicated and I find I have much less\nspare time and because I have much less spare time I have much less time\nto pursue my hobbies and because of this I have less to speak about and\nbecause of this I have less time to record what I\'ve been doing and it\nall turns into to vicious circle. Fortunately I recently had some time\noff work and had a lovely holiday. During the holiday I ended up\nrecording some video which I decided I wanted to edit. I\'ve done some\nvideo editing in the past using various video editing packages. The best\nand most recent of which is shotcut.

\n

Specific details and\nequipment

\n

Video resolution 1920 x 1080, Codec h264 mpeg-4, Frame rate 30 frames\nper second.

\n

Computer Dell Optiplex 780. Fitted with 4 GB of internal RAM and\nonboard video graphics card.

\n

Shotcut version 22.06.23 Shotcut is a free open-source cross-platform\nvideo editor licenced under the GNU general public licence version\n3.0

\n

This episode will only cover basic shotcut video editing techniques.\nShotcut contains many advanced features and effects that will not be\ncovered in this episode. A lot of the workflow I’ll share with you today\nis intended to get around limitations imposed by my low spec PC

\n

I\'ll try my best to cover the video editing process in this podcast\nusing words alone; however I am conscious that an accompanying video\nwould make it easier to follow along.

\n

Shotcut workflow

\n

Start by creating a folder to hold all the required media files.\nAudio tracks and sound effects can be added to this folder later. Make\nsure all your video files are using the same frame rate in my case 30\nframes per second.

\n

Open each video file in VLC one at a time going through each video\nfile looking for the best portions of video. Make a note of where the\nbest portions of the video are by writing down the start and end points\nin minutes and seconds.

\n

I do this because the interface of VLC is more responsive than\nshortcut and the resolution of displayed video is far greater than the\npreview in shortcut. This makes it quicker and easier to find the best\nportions of video.

\n

Open shortcut and make sure the new project is set to the same frames\nper second as the media files you\'re working with, in my case 30 frames\nper second. You can check the frame rate of your project by looking at\nthe selected video mode in the new projects window. If you select\nautomatic it will ensure the project resolution and frame rate\nautomatically match that of your media files.

\n

Start by adding all the video files to the playlist, this can be done\nin a number of ways for example it can be done by clicking on the open\nfile button in the top toolbar or within the open files menu.\nAlternatively you can drag and drop files into the playlist. I find this\nto be the easiest way to add media files to a project. Once this is done\nsave your project.

\n

Drag the first file from the Playlist to the timeline making sure\nthat the start of the video starts at 0 seconds.

\n

Click on the timeline in the position where the first start point of\ninterest is needed. Use the S key to split the video at this point.\nDon\'t worry about being too accurate as this can be moved at a later\nstage.

\n

Repeat this process for the end point of interest.

\n

Repeat this again for all the other sections of start and end points\nof interest.

\n

Remove the unwanted sections of video by clicking on a section then\nhitting the delete key. This will remove the unwanted section leaving an\nempty space behind.

\n

Once all the unwanted sections are removed click on the sections of\nvideo and pull them to the left to close the gaps up. I find it useful\nto leave some space between the good sections of video as it makes it\neasier to see where splits are and makes it easier later on to rearrange\nthe order of the individual clips.

\n

Check the start and end points of the remaining sections of video to\nsee that the start and end points stop in the correct place. You can do\nthis by clicking the play button on the preview window. The video start\nand end points can be adjusted by dragging the section left or right in\nin the timeline section; this is where leaving spaces Between each\nsection of video can be handy as it allows for fine tuning.

\n

Add a new blank video track to the timeline to hold the next video.\nNote this wasn\'t required when adding the first video track but it is\nneeded for each subsequent track. A video track can be added by right\nclicking on an empty portion of the timeline and selecting add video\ntrack. Alternatively use the ctrl + I key.

\n

Drag your second video from the playlist onto the newly created blank\nvideo track in the timeline. As before make sure that the start of the\nvideo starts at 0 seconds.

\n

Before previewing any section of the second video track click the\nsmall eye shaped hide icon in the left section of the first video track\nlabelled output. This will prevent previewing both video tracks at the\nsame time.

\n

Repeat the process above of chopping the second video track into\nsections using the S key to split the video up. Remove the unwanted\nsections. Finally adjust the start and end points of the remaining\nsections.

\n

Repeat the steps above to add the remaining video files one at a time\nfrom the playlist to the timeline.

\n

When complete you end up with separate video tracks in the timeline\neach containing good sections of video.

\n

At this stage I can\'t be too specific about how to continue as there\nare a number of different options depending on your particular Project.\nYou can for example start by combining the good sections of video into\none video track by dragging them from one track to another then add if\nrequired an audio track or you can add the audio track first and then\ntry to sync things up to the audio track moving bits and pieces of video\ninto one video track remembering to hide the unwanted sections of video\nby clicking on the small hide eye icons. Don\'t do too much editing\nwithout saving the project. If you get a message about low memory save\nthe project then reopen it.

\n

To export the final video click on the export button in the toolbar.\nI pick the default option, this creates an H.264/AAC MP4 file suitable\nfor most users and purposes. You can check the frame rate is the same as\nyour original media files by clicking on the advanced tab. Click the\nexport file button and give it a file name. It may take some time to\ncreate the export file. This will be dependent on the speed of your\ncomputer and the length and resolution of your project.

\n

While Shotcut is far from perfect on my puny PC it is surprisingly\nusable and stable and is the best option I’ve found so far.

\n

Finally here are some general shotcut tips I have when doing video\nediting on a puny PC with limited ram, slow processor and built in\ngraphics card such as mine.

\n

General Tips\nwhen working with a low powered PC

\n

Close all open applications leaving only shortcut open this helps\nwith RAM usage

\n

Shortcut is surprisingly stable with a feeble PC such as mine. I\nwould still recommend saving your project regularly as it is quick and\nvery easy to do.

\n

If you get a message about running out of RAM then try not to do too\nmuch more editing before saving the project. Once saved close shotcut\nand then reopen it. The longer your project is and the higher your\nproject resolution the more RAM you will need.

\n

When you are about to export your final video save the project close\nshortcut reopen shotcut and immediately export your project as any\nprevious editing may be taking up precious ram.

\n

Be patient when clicking on the timeline to repositioned the play\nhead. Always wait for the preview window to update. This can sometimes\ntake a few seconds.

\n

When trying to sync video to audio you need to zoom in in quite a\nlong way before getting an audio preview. When doing this and moving the\nplay head you\'ll get a choppy version of the audio with this it is still\nperfectly possible to find the beat of the music allowing you to sync\nyour video to the music. If this doesn\'t seem to work for you then try\nzooming in closer.

\n

Ok that\'s about it for this podcast. Hope it wasn\'t too boring and it\nmade some sense. If you want to contact me I can be contacted at\nmrxathpr at googlemail.

\n

Thank you and goodbye.

\n',201,0,0,'CC-BY-SA','workflow, tips, video, editing, application',0,0,1), (3719,'2022-11-03','HPR News',594,'InfoSec; the language of security.','

InfoSec; the language of\nsecurity.

\n

What\nis Typosquatting and How Do Scammers Use it?

\n
    \n
  • Typosquatting, as an attack, uses modified or misspelled domain\nnames to trick users into visiting fraudulent websites; the heart of\nthis attack is domain name registration. Typosquatting is deployed by\nscammers to defraud unaware users. Attackers will attempt to: mimic\nlogin pages, redirect traffic, download malware, and extort users.
  • \n
  • Past Known Typosquatting Attacks.\n
      \n
    • Several\nMalicious Typosquatted Python Libraries Found On PyPI\nRepository
    • \n
    • Over\n700 Malicious Typosquatted Libraries Found On RubyGems\nRepository
    • \n
    • Security\nadvisory: malicious crate rustdecimal
    • \n
    • This\nWeek in Malware-Malicious Rust crate, \'colors\' Typosquats
    • \n
  • \n
  • Solutions to Typosquatting.\n
  • \n
  • DNS monitoring services.\n
      \n
    • Link to dnstwister: https://dnstwister.report/
    • \n
    • Link to whois: https://www.whois.com/whois
    • \n
  • \n
  • Password Managers.\n
      \n
    • Link to bitwarden: https://bitwarden.com/
    • \n
    • Link to keepassxc: https://keepassxc.org/
    • \n
  • \n
\n
\n

Two-factor and\nMultifactor Authentication.

\n
    \n
  • First, authentication. This is the process of verifying the\nvalidity of something; in our case, user credentials/identity. The most\ncommon way to authenticate is: USERNAME and PASSWORD.\nThis is just a single layer (single-factor authentication) and isn’t\nenough to discourage attackers.

  • \n
  • Second, 2FA (Two-factor Authentication). 2FA increases the\ndifficulty for attackers by providing users an additional layer of\nsecurity to accomplish authentication. Common 2FA methods are: TOTP/OTP\n(the One Time Password), Authenticator\nApplications (Bitwarden, KeePassXC,...), and Security Keys (Yubikey). This works similar to ATMs;\nto authenticate the user must provide both knowledge (account\nPIN) and a physical object (bank card).

  • \n
  • Last, but not least, MFA (Multifactor Authentication). Similar to\n2FA, MFA offers users security with the addition of biometrics\n(fingerprint scan, retina scan, facial recognition, and voice\nrecognition). Attackers must overcome the knowledge factor, Possession\nfactor, Inherence/Biometric factor, Time factor, and sometimes Location\nfactor.

  • \n
  • MORE helpful security information.

    \n
  • \n
  • 2FA/MFA Known Attacks.

    \n
      \n
    • Bots\nThat Steal Your 2FA Codes.
    • \n
    • hackers\nare cracking two-factor authentication
    • \n
  • \n
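Review bot: In the added `(4001,'2023-12-04','HPR Community News for November 2023',...)` row, the notes still end with the template placeholder under "Any other business" ("Example section", "Bulleted list item 1", "Bulleted list item 2"), carried over unchanged from the removed row. Strip it or replace it with real content before the row is published. The regenerated show table also goes from 3997 (Tue 2023-11-28) straight to 3999 (Thu 2023-11-30) with no 3998 entry; confirm that slot is simply unfilled and was not dropped by the generator. The comment summary is unchanged too ("There are 4 comments in total", "4 comments on 4 of this month's shows") although four shows were added, so check that the counts are recomputed on each run and not left over from the earlier dump. Because the whole row is replaced for a change to one table, stating in the commit message which episode rows were regenerated would make these automated "database changed" commits reviewable.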
\n',391,0,0,'CC-BY-SA','InfoSec, Typosquatting, SFA, 2FA, MFA, Security',0,0,1), @@ -20483,9 +20483,9 @@ INSERT INTO `eps` (`id`, `date`, `title`, `duration`, `summary`, `notes`, `hosti (3899,'2023-07-13','Repair corrupt video files for free with untruc',320,'This is how I fixed corrupt video files from my dash cam after an accident','

My original blog post on this topic: https://pquirk.com/posts/corruptvideo/

\n
    \n
  • Untruc at Github: https://github.com/anthwlock/untrunc
  • \n
  • Windows version: https://github.com/anthwlock/untrunc/releases
  • \n
  • Arch linux version: https://aur.archlinux.org/packages/untrunc-git
  • \n
\n

Make your donations to:
\nhttps://www.paypal.com/paypalme/anthwlock
\nhttps://vcg.isti.cnr.it/~ponchio/untrunc.php

\n',383,0,0,'CC-BY-NC-SA','video,corrupt,fix,file,linux',0,0,1), (3921,'2023-08-14','HPR AudioBook Club 23 - John Carter of Mars (Books 1-3)',6516,'In this episode the HPR Audiobook Club discusses the first three books of John Carter of Mars','In\nthis episode the HPR Audiobook Club discusses the audiobooks A\nPrincess of Mars, The\nGods of Mars, and The\nWarlord of Mars by Edgar Rice Burroughs\n
\n

Non-Spoiler Thoughts

\n
\n
    \n
  • Burroughs is kind of verbose, which is symbolic of the time period\nin which it was written.
  • \n
\n

Beverage Reviews

\n
\n
    \n
  • Thaj: Tempting fate with a tall glass of the highly\ntoxic, Dihydrogen\nMonoxide
  • \n
  • x1101: Shipyard\nLittle Horror of Hops Its a very amber IPA
  • \n
  • Pokey: Yellow Tail\nChardonay Its definitely a chardonay in flavor. You can taste the\ncost effectiveness up front, but it mellows out on the finish, and is\npretty okay for the price on average.
  • \n
  • FiftyOneFifty: Funky Pumpkin spiced\npumpkin ale
  • \n
  • Mark: Lagunitas IPA
  • \n
\n

Things We Talked About

\n
\n
    \n
  • Chat Secure secure XMPP,\nThink of the children!!!

  • \n
  • Technology on Barsoom

  • \n
  • Deus Ex Machina much???

  • \n
  • Names in fantasy books

  • \n
\n

Our Next Audiobook

\n
\n

See\nYou At The Morgue by Lawrence Blochman

\n

The Next Audiobook Club\nRecording

\n
\n

Right now we are working through a backlog of older episode that have\nalready been recorded. Once that ends we fully anticipate recording new\nepisodes with listener participation.

\n

Feedback

\n
\n

Thank you very much for listening to this episode of the HPR\nAudioBookClub. We had a great time recording this show, and we hope you\nenjoyed it as well. We also hope you\'ll consider joining us next time we\nrecord a new episode. Please leave a few words in the episode\'s comment\nsection.

\n

As always; remember to visit the HPR contribution page HPR could\nreally use your help right now.

\n

Sincerely, The HPR Audiobook Club

\n

P.S. Some people really like finding mistakes. For their enjoyment,\nwe always include a few.

\n

Our Audio

\n
\n

This episode was processed using Audacity. We\'ve been making\nsmall adjustments to our audio mix each month in order to get the best\npossible sound. Its been especially challenging getting all of our\nvoices relatively level, because everyone has their own unique setup.\nMumble is great for bringing us all together, and for recording, but\nit\'s not good at making everyone\'s voice the same volume. We\'re pretty\nhappy with the way this month\'s show turned out, so we\'d like to share\nour editing process and settings with you and our future selves (who, of\ncourse, will have forgotten all this by then).

\n

We use the \"Truncate Silence\" effect with it\'s default settings to\nminimize the silence between people speaking. When used with it\'s\ndefault (or at least reasonable) settings, Truncate Silence is extremely\neffective and satisfying. It makes everyone sound smarter, it makes the\nfile shorter without destroying actual content, and it makes a\nconversations sound as easy and fluid during playback as it was while it\nwas recorded. It can be even more effective if you can train yourself to\nremain silent instead of saying \"uuuuummmm.\" Just remember to ONLY pass\nthe file through Truncate Silence ONCE. If you pass it through a second\ntime, or if you set it too aggressively your audio may sound sped up and\nchoppy.

\n

Next we use the \"Compressor\" effect with the following settings:

\n
Threshold: -30db\n\nNoise Floor: -50db\n\nRatio: 3:1\n\nAttack Time: 0.2sec\n\nDecay Time: 1.0 sec
\n

\"Make-up Gain for 0db after compressing\" and \"compress based on\npeaks\" were both left un-checked.

\n

After compressing the audio we cut any pre-show and post-show chatter\nfrom the file and save them in a separate file for possible use as\nouttakes after the closing music.

\n

We adjust the Gain so that the VU meter in Audacity hovers around\n-12db while people are speaking, and we try to keep the peaks under\n-6db, and we adjust the Gain on each of the new tracks so that all\nvolumes are similar, and more importantly comfortable. Once this is done\nwe can \"Mix and Render\" all of our tracks into a single track for export\nto the .FLAC file which is uploaded to the HPR server.

\n

At this point we listen back to the whole file and we work on the\nshownotes. This is when we can cut out anything that needs to be cut,\nand we can also make sure that we put any links in the shownotes that\nwere talked about during the recording of the show. We finish the\nshownotes before exporting the .aup file to .FLAC so that we can paste a\ncopy of the shownotes into the audio file\'s metadata.

\n

At this point we add new, empty audio tracks into which we paste the\nintro, outro and possibly outtakes, and we rename each track\naccordingly.

\n

Remember to save often when using Audacity. We like to save after\neach of these steps. Audacity has a reputation for being \"crashy\" but if\nyou remember save after every major transform, you will wonder how it\never got that reputation.

\n

Attribution

\n
\n

Record\nScratch Creative Commons 0

\n',157,0,1,'CC-BY-SA','mars, audiobook club, fiction, scifi, audiobook',0,0,1), (4151,'2024-07-01','HPR Community News for June 2024',0,'HPR Volunteers talk about shows released and comments posted in June 2024','',159,47,1,'CC-BY-SA','Community News',0,0,1), -(4176,'2024-08-05','HPR Community News for July 2024',0,'HPR Volunteers talk about shows released and comments posted in July 2024','',159,47,1,'CC-BY-SA','Community News',0,0,1), -(3902,'2023-07-18','Introduction to a new series on FFMPEG',474,'In this episode, I introduce FFMPEG, media containers, and codecs','

Links

\n\n\n',300,0,0,'CC-BY-SA','ffmpeg,video streaming,audio streaming',0,0,1); -INSERT INTO `eps` (`id`, `date`, `title`, `duration`, `summary`, `notes`, `hostid`, `series`, `explicit`, `license`, `tags`, `version`, `downloads`, `valid`) VALUES (3903,'2023-07-19','Why I don\'t love systemd (yet)',396,'Klaatu reads a script by Deepgeek about systemd','

I\'ve been meaning to put down my thoughts about SystemD for the HPR\ncommunity for some while, so here goes.

\n

I want to say that I am not a SystemD hater. When SystemD was a hot\ntopic of debate, many became irrational over it, but I want to start by\nsaying that I don\'t think it\'s a bad technology. I think it is a rather\ngood technology. I just don\'t want it on my personal computer. So I\nwould like to run things down in this order: what is it (as in, what is\nit really,) what makes it a good technology, why I don\'t want it now\n(but might later,) and a few tips for you if you decide that you don\'t\nwant it currently.

\n

SystemD Is not an init system. SystemD includes an init system.\nSystemD Init was faster than SysVInit, but SystemD Init isn\'t the\nfastest init system, and SysVInit now has a parallelization helper, at\nleast on Debian.

\n

So, if SystemD Init is not SystemD, than what is SystemD? To\nunderstand this we must first understand something about Linux. Linux\noperates under a model where there are root processes, and there are\nuser processes. These two kinds of processes are usually called\n\"layers.\" SystemD is actually a third layer, that can be called a system\nlayer. So when SystemD is added to a Linux system, that changes the\nsystem so that there are three layers, a root layer, a user layer, and a\nsystem layer. As such, you now ask SystemD to set how the system runs.\nThis is why SystemD includes things like an init system, because if you\nwant to change what the system is running, you ask SystemD to change it.\nSystemD then messages an appropriate system to implement the change,\nlike messaging its init system to bring up or bring down a system\ndaemon. Once you play out this in your head a bit, you really realize\nthat SystemD acts more like a message passing system in this regard.

\n

So why do I say SystemD is a good technology? Because this can\nstandardize system control. Without SystemD a fleet of computers becomes\nlike individual fingerprints or unique snowflakes. If you manage many\ncomputers, as many professional IT people do, you want them to all run\nthe same, all have the same profiles and general configurations. So if\nyou have a bunch of computers you are running, you can run a lot more if\nthey are all run the same way. If your job requires you to run 10,000\nwebservers, you want them to run identically because it is impossible to\nkeep an understanding of 10,000 unique configurations in a human\nhead.

\n

SystemD really shines in its support of virtualization as well. So\nto speak of servers, I used to run an email server for a few friends.\nEach of us had a userid and number as unix users. The mapping of unix\nuserids and postfix userids can get confusing when it gets big. Thanks\nto SystemD\'s virtualization work, you can actually put a service like\nemail into a namespace situation so that it has only the users root and\nthe daemon user id (like \"postfix\"), so SystemD greatly enhances\nsecurity for server installations. This might help explain its\ndominance in linux distributions that have been traditionally\nserver-centric, such as debian and redhat.

\n

So why don\'t I don\'t want it? Well, I\'ve been doing a lot of talking\nabout professional computer work and corporate work environments, but I\nuse a \"Personal Computer\" as a hobby. I\'ve been out-of-industry for\ndecades now. And when I say \"Personal Computer\" I\'m not talking a\nhardware specification, rather I\'m talking about \"This is my personal\ncomputer where I do things my way, as opposed to my work computer where\nI do things my companies way\". Dear listener, please remember that I did\nthe first community show contribution to HPR, and my topic was about\npersonalization. For me, a hobbyist interested in operating system\nexperimentation, I don\'t want a system layer, I want a traditional\nunix-like system that operates on a two-layer model and does things my\nway, nobody else\'s way.

\n

So, what advice can I give to those who don\'t want SystemD now? Well,\nrecently I\'ve left Debian. Debian, you see, supports init system\ndiversity, but as you now know dear listener, that is different than\nbeing without SystemD. You may have heard that SystemD is\nlinux-specific, that is to say that it runs only on linux, not anything\nlike a BSD system or a Windows system. But you may be curious to know\nthat it is also Gnu-libC specific. Which means that the C compiler must\nuse GNU\'s libC standard library. Thus, if you have a system built around\nthe Musl C standard library like Alpine or Void, or a system like\nAndroid that runs on the Bionic C Standard library, you wont have a\nSystemD system. I\'m personally learning Void as its package manager\nsupports both binary and a ports collection much like the BSD\'s. But\nthat is what I\'m doing on my personal computer, I leave you in the\nfreedom to do things your way on your personal computer!

\n\n',73,99,0,'CC-BY-SA','systemd,linux',0,0,1), +(4176,'2024-08-05','HPR Community News for July 2024',0,'HPR Volunteers talk about shows released and comments posted in July 2024','',159,47,1,'CC-BY-SA','Community News',0,0,1); +INSERT INTO `eps` (`id`, `date`, `title`, `duration`, `summary`, `notes`, `hostid`, `series`, `explicit`, `license`, `tags`, `version`, `downloads`, `valid`) VALUES (3902,'2023-07-18','Introduction to a new series on FFMPEG',474,'In this episode, I introduce FFMPEG, media containers, and codecs','

Links

\n\n\n',300,0,0,'CC-BY-SA','ffmpeg,video streaming,audio streaming',0,0,1), +(3903,'2023-07-19','Why I don\'t love systemd (yet)',396,'Klaatu reads a script by Deepgeek about systemd','

I\'ve been meaning to put down my thoughts about SystemD for the HPR\ncommunity for some while, so here goes.

\n

I want to say that I am not a SystemD hater. When SystemD was a hot\ntopic of debate, many became irrational over it, but I want to start by\nsaying that I don\'t think it\'s a bad technology. I think it is a rather\ngood technology. I just don\'t want it on my personal computer. So I\nwould like to run things down in this order: what is it (as in, what is\nit really,) what makes it a good technology, why I don\'t want it now\n(but might later,) and a few tips for you if you decide that you don\'t\nwant it currently.

\n

SystemD Is not an init system. SystemD includes an init system.\nSystemD Init was faster than SysVInit, but SystemD Init isn\'t the\nfastest init system, and SysVInit now has a parallelization helper, at\nleast on Debian.

\n

So, if SystemD Init is not SystemD, than what is SystemD? To\nunderstand this we must first understand something about Linux. Linux\noperates under a model where there are root processes, and there are\nuser processes. These two kinds of processes are usually called\n\"layers.\" SystemD is actually a third layer, that can be called a system\nlayer. So when SystemD is added to a Linux system, that changes the\nsystem so that there are three layers, a root layer, a user layer, and a\nsystem layer. As such, you now ask SystemD to set how the system runs.\nThis is why SystemD includes things like an init system, because if you\nwant to change what the system is running, you ask SystemD to change it.\nSystemD then messages an appropriate system to implement the change,\nlike messaging its init system to bring up or bring down a system\ndaemon. Once you play out this in your head a bit, you really realize\nthat SystemD acts more like a message passing system in this regard.

\n

So why do I say SystemD is a good technology? Because this can\nstandardize system control. Without SystemD a fleet of computers becomes\nlike individual fingerprints or unique snowflakes. If you manage many\ncomputers, as many professional IT people do, you want them to all run\nthe same, all have the same profiles and general configurations. So if\nyou have a bunch of computers you are running, you can run a lot more if\nthey are all run the same way. If your job requires you to run 10,000\nwebservers, you want them to run identically because it is impossible to\nkeep an understanding of 10,000 unique configurations in a human\nhead.

\n

SystemD really shines in its support of virtualization as well. So\nto speak of servers, I used to run an email server for a few friends.\nEach of us had a userid and number as unix users. The mapping of unix\nuserids and postfix userids can get confusing when it gets big. Thanks\nto SystemD\'s virtualization work, you can actually put a service like\nemail into a namespace situation so that it has only the users root and\nthe daemon user id (like \"postfix\"), so SystemD greatly enhances\nsecurity for server installations. This might help explain its\ndominance in linux distributions that have been traditionally\nserver-centric, such as debian and redhat.

\n

So why don\'t I don\'t want it? Well, I\'ve been doing a lot of talking\nabout professional computer work and corporate work environments, but I\nuse a \"Personal Computer\" as a hobby. I\'ve been out-of-industry for\ndecades now. And when I say \"Personal Computer\" I\'m not talking a\nhardware specification, rather I\'m talking about \"This is my personal\ncomputer where I do things my way, as opposed to my work computer where\nI do things my companies way\". Dear listener, please remember that I did\nthe first community show contribution to HPR, and my topic was about\npersonalization. For me, a hobbyist interested in operating system\nexperimentation, I don\'t want a system layer, I want a traditional\nunix-like system that operates on a two-layer model and does things my\nway, nobody else\'s way.

\n

So, what advice can I give to those who don\'t want SystemD now? Well,\nrecently I\'ve left Debian. Debian, you see, supports init system\ndiversity, but as you now know dear listener, that is different than\nbeing without SystemD. You may have heard that SystemD is\nlinux-specific, that is to say that it runs only on linux, not anything\nlike a BSD system or a Windows system. But you may be curious to know\nthat it is also Gnu-libC specific. Which means that the C compiler must\nuse GNU\'s libC standard library. Thus, if you have a system built around\nthe Musl C standard library like Alpine or Void, or a system like\nAndroid that runs on the Bionic C Standard library, you wont have a\nSystemD system. I\'m personally learning Void as its package manager\nsupports both binary and a ports collection much like the BSD\'s. But\nthat is what I\'m doing on my personal computer, I leave you in the\nfreedom to do things your way on your personal computer!

\n\n',73,99,0,'CC-BY-SA','systemd,linux',0,0,1), (3904,'2023-07-20','How to make friends',2861,'This topic is being actively researched. Not for production use.','

Show notes

\n
    \n
  • \n

    No clear mark of when friendship starts

    \n
  • \n
  • \n

    often feels \"right\" when mutual

    \n
  • \n
  • \n

    to some people friendship is a persistent state. once you have it, it's forever unless explicitly dissolved.

    \n
  • \n
  • \n

    for other people, it's something requiring maintenance. arguable this suggests that there are degrees of friendship, based on when you last spoke to one another.

    \n
  • \n
  • \n

    degrees of friendship also suggests progression. friend → close friend → best friend.

    \n
  • \n
\n

how to make a friend

\n

friendship requires communication.

\n
    \n
  • \n

    start by communicating in some way that makes the other person feel not unpleasant

    \n
  • \n
  • \n

    you're not supposed to target a friend. this can be a frustrating rule, because if you're trying to make a friend, you have to target somebody, but the general consensus is that you're not supposed to \"try too hard\". target lots of people in the hopes of stumbling across somebody to befriend.

    \n
  • \n
  • \n

    complimenting something they have done, even if it's something simple like wearing a cool shirt, is a very easy start

    \n
  • \n
  • \n

    finding ground common allows for repeated communication

    \n
  • \n
  • \n

    repetition of this is what builds friendship. this is why friendships often develop at work, but can dissolve quickly after a job change.

    \n
  • \n
  • \n

    the situation matters. chatting with someone who's being paid to interact with you, like somebody working at a store, doesn't count because in context they more or less cannot choose to stop communicating with you until you leave the store. chatting with someone who has anything to gain by chatting with you doesn't count (like an intern at work).

    \n
  • \n
  • \n

    to speed up a developing friendship, you can invite the person to interact with you on something with a clearly defined goal. You like coding? I like coding! Would you care to collaborate for 4 hours on a script that would help me find my Raspberry Pi on my network?

    \n
  • \n
  • \n

    during the activity, continue to communicate. this can be difficult because you're doing an activity that you both claim to enjoy, so in theory the activity should be sufficient to further the friendship. However, the activity doesn't build the friendship, it only builds a partnership. It's the communication that builds friendship.

    \n
  • \n
\n

unfortunately, there's no clear point during this process at which you know you have made a friend. so you have to define what a friend is, to you, and then work toward that goal.

\n

Here are some examples of definitions for friendship. There is no right or wrong here, it's really just setting your own expectations and requirements:

\n
    \n
  • \n

    A friend is someone to hang out with on sundays.

    \n
  • \n
  • \n

    A friend is someone I can call when I've got some free time to kill.

    \n
  • \n
  • \n

    A friend is someone I can play video games with online.

    \n
  • \n
  • \n

    A friend is someone I can call, day or night, when I need help.

    \n
  • \n
  • \n

    A friend is someone who has come over for dinner, and has met my family, and who I see at least once a month.

    \n
  • \n
\n

There's no official definition, so you must define it yourself.\nYour definition may differ from the other person's definition.\nYou might say \"we are best friends\" but they might say \"no, I already have a best friend, but you're a good friend\" and THAT'S OK.

\n

If it helps, classify what kinds of friends you have so you understand what kinds of relationships you are maintaining.\nCommunicate with your friends, even if it's only to let them know that you're bad at communicating on a regular basis, or ask them how frequently they need to communicate to maintain a healthy friendship.

\n',78,108,0,'CC-BY-SA','autism,friendship,relationship,social engineering',0,0,1), (3905,'2023-07-21','Presenting Fred Black',1105,'I have a short talk to present Fred Black.','
    \n
  • IB-program https://ibo.org/
  • \n
  • Animals To The Max https://corbinmaxey.com/podcast-1
  • \n
  • I Spend A Day With... https://feeds.megaphone.fm/ispentadaywith
  • \n
  • The Vinyl Guide https://www.thevinylguide.com/
  • \n
  • NSOD - Norsken, Svensken og Dansken https://podkast.nrk.no/program/norsken_svensken_og_dansken.rss
  • \n
\n',309,0,0,'CC-BY-SA','school,podcasts,instrument,quiz',0,0,1), (3906,'2023-07-24','The Oh No! News.',1741,'Sgoti discusses the threat of convenience.','

The Oh No! news.

\n

Oh No! News is Good\nNews.

\n
    \n
  • TAGS: Oh No News, InfoSec, browser security,\nsession tokens, session id
  • \n
\n
\n

InfoSec; the language\nof security.

\n
    \n
  • Source: Session ID.
    \n
  • \n
  • Source: JSON Web\nToken.
    \n\n
      \n
    • Terms\nof Use: Copyleft, free content
      \n
    • \n
  • \n
  • Source: Session\nvs Token Based Authentication.
    \n\n
      \n
    • Terms\nof Use: CC-BY-SA (with CC-BY-NC-SA elements).
      \n
    • \n
  • \n
  • Source: Steal Application\nAccess Token. Adversaries can steal application access tokens as a\nmeans of acquiring credentials to access remote systems and resources.\nApplication access tokens are used to make authorized API requests on\nbehalf of a user or service and are commonly used as a way to access\nresources in cloud and container-based applications and\nsoftware-as-a-service (SaaS).
    \n\n
      \n
    • Terms of\nUse: Similar to CC-BY-SA
      \n
    • \n
  • \n
  • Source: Analysis:\nCircleCI attackers stole session cookie to bypass MFA.
    \n\n
      \n
    • Terms of\nUse: Section 8. CONTENT AND CONTENT LICENSES. NOT\ncertain
      \n
    • \n
  • \n
  • Source: How to Prevent\nSession Hijacking?
    \n\n
  • \n
\n
\n
    \n
  • Additional Information.\n
      \n
    • What is a \"Data\nBreach\"? A data breach is a security violation, in which sensitive,\nprotected or confidential data is copied, transmitted, viewed, stolen,\naltered or used by an individual unauthorized to do so.
    • \n
    • What is \"Malware\"?\nMalware (a portmanteau for\nmalicious software) is any software intentionally designed to cause\ndisruption to a computer, server, client, or computer network, leak\nprivate information, gain unauthorized access to information or systems,\ndeprive access to information, or which unknowingly interferes with the\nuser\'s computer security and privacy.
    • \n
    • What is a \"Payload\"?\nIn the context of a computer virus or worm, the payload is the portion\nof the malware which performs malicious action; deleting data, sending\nspam or encrypting data. In addition to the payload, such malware also\ntypically has overhead code aimed at simply spreading itself, or\navoiding detection.
    • \n
    • What is \"Phishing\"?\nPhishing is a form of social engineering\nwhere attackers deceive people into revealing sensitive information or\ninstalling malware such as ransomware. Phishing\nattacks have become increasingly sophisticated and often transparently\nmirror the site being targeted, allowing the attacker to observe\neverything while the victim is navigating the site, and transverse any\nadditional security boundaries with the victim.
    • \n
    • Social\nengineering (security) In the context of information security,\nsocial engineering is the psychological\nmanipulation of people into performing actions or divulging\nconfidential information. A type of confidence trick for the purpose of\ninformation gathering, fraud, or system access, it differs from a\ntraditional \"con\" in that it is often one of many steps in a more\ncomplex fraud scheme.
      \n
    • \n
    • What is \"Information\nSecurity\" (InfoSec)? Information security, sometimes shortened to\nInfoSec, is the practice of protecting information by mitigating information risks. It\nis part of information risk\nmanagement.\n
        \n
      • Information Security Attributes: Confidentiality, Integrity and Availability (C.I.A.).\nInformation Systems are composed in three main portions, hardware,\nsoftware and communications with the purpose to help identify and apply\ninformation security industry standards, as mechanisms of protection and\nprevention, at three levels or layers: physical, personal and\norganizational. Essentially, procedures or policies are implemented to\ntell administrators, users and operators how to use products to ensure\ninformation security within the organizations.
      • \n
    • \n
    • What is \"Risk\nmanagement\"? Risk management is the identification, evaluation, and\nprioritization of risks followed by coordinated and economical\napplication of resources to minimize, monitor, and control the\nprobability or impact of unfortunate events or to maximize the\nrealization of opportunities.
    • \n
    • What is a \"Vulnerability\"\n(computing)? Vulnerabilities are flaws in a computer system that\nweaken the overall security of the device/system. Vulnerabilities can be\nweaknesses in either the hardware itself, or the software that runs on\nthe hardware.
    • \n
    • What is an \"Attack\nSurface\"? The attack surface of a software environment is the sum of\nthe different points (for \"attack vectors\") where an unauthorized user\n(the \"attacker\") can try to enter data to or extract data from an\nenvironment. Keeping the attack surface as small as possible is a basic\nsecurity measure.
    • \n
    • What is an \"Attack\nVector\"? In computer security, an attack vector is a specific path,\nmethod, or scenario that can be exploited to break into an IT system,\nthus compromising its security. The term was derived from the\ncorresponding notion of vector in biology. An attack vector may be\nexploited manually, automatically, or through a combination of manual\nand automatic activity.
    • \n
    • What is\n\"Standardization\"? Standardization is the process of implementing\nand developing technical standards based on the consensus of different\nparties that include firms, users, interest groups, standards\norganizations and governments. Standardization can help maximize\ncompatibility, interoperability, safety, repeatability, or quality. It\ncan also facilitate a normalization of formerly custom processes.\n
    • \n
    • What is a \"Replay\nattack\"? A replay attack is a form of network attack in which valid\ndata transmission is maliciously or fraudulently repeated or delayed.\nAnother way of describing such an attack is: \"an attack on a security\nprotocol using a replay of messages from a different context into the\nintended (or original and expected) context, thereby fooling the honest\nparticipant(s) into thinking they have successfully completed the\nprotocol run.\"
    • \n
    • What is a\n\"Man-in-the-middle attack\"? In cryptography and computer security, a\nman-in-the-middle, ..., attack is a cyberattack where the attacker\nsecretly relays and possibly alters the communications between two\nparties who believe that they are directly communicating with each\nother, as the attacker has inserted themselves between the two\nparties.
    • \n
    • What is \"Transport Layer\nSecurity\" (TLS)? Transport Layer Security (TLS) is a cryptographic\nprotocol designed to provide communications security over a computer\nnetwork. The protocol is widely used in applications such as email,\ninstant messaging, and voice over IP, but its use in securing HTTPS\nremains the most publicly visible.
    • \n
    • What is a \"Handshake\"\n(computing)?. In computing, a handshake is a signal between two\ndevices or programs, used to, e.g., authenticate, coordinate. An example\nis the handshaking between a hypervisor and an application in a guest\nvirtual machine.
    • \n
    • What is Security\ntheater? The practice of taking security measures that are\nconsidered to provide the feeling of improved security while doing\nlittle or nothing to achieve it.
      \n
    • \n
  • \n
\n
\n\n',391,74,0,'CC-BY-SA','Oh No News, InfoSec, browser security, session tokens, session id',0,0,1), @@ -21487,4 +21487,4 @@ UNLOCK TABLES; /*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2023-11-21 3:52:48 +-- Dump completed on 2023-11-22 7:13:02
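Review bot: In the `@@ -298,7 +298,7 @@` hunk, the removed and added rows for ids 4176, 3902 and 3903 read the same in the visible lines; what moves is the statement boundary, with the terminating `;` and the repeated ``INSERT INTO `eps` (...) VALUES`` header now falling after 4176 instead of after 3902. Two complete episode notes are therefore re-emitted as `-`/`+` lines with no row content changed, which hides whatever real edit triggered the commit. If this file is produced by mysqldump, `--skip-extended-insert` writes one INSERT per row so a batch-boundary shift cannot touch neighbouring rows. The rows are also not in id order here (4151, 4176, then 3902), and `--order-by-primary` would keep each row at a stable position between dumps.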
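Review bot: The `@@ -21487,4 +21487,4 @@` hunk changes only the `-- Dump completed on` trailer (2023-11-21 3:52:48 to 2023-11-22 7:13:02), so this file will show a diff on every run even when no table data changed. If the dump comes from mysqldump, `--skip-dump-date` drops that line, and a commit then appears only when content actually differs.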