Kero Lantern Chronicles

Apr. 26th, 2016 12:38 am
[personal profile] shadowspar
So...our ski club hosts a lantern ski two evenings a year, so people can putter along enjoying the trails and the twilight. They used to use oldschool kerosene lanterns, but the club got rid of them a few years back. It sounds like they were getting dirty and rusty, and nobody was quite sure how to make them less so.

Unfortunately, the candle lanterns that replaced them don't work very well. They don't provide any substantial illumination, and in the winter, the candles burn out quickly -- they don't retain enough heat to melt their own wax well, and burn down the middle instead of across their entire width.

I went looking for a better solution, and was surprised to find that new kerosene lanterns are actually still a thing sold in North America. Like, ones for real use, as opposed to collectables or antiques that are just supposed to sit on a shelf and look nice. So I ordered one.

Finding a Food Truck in Boulder, CO

Apr. 23rd, 2016 02:48 pm
[personal profile] altamira16
I am supposed to be finding a food truck for an HOA party in midsummer, and I am having a really difficult time with this. Midsummer is the busy season for festivals and weddings, and a lot of food trucks are booked.

I tried "The Butcher and The Blonde." We used them last year, but they have a wedding that day. People really liked their sliders, which were small sandwiches full of some shredded meat.

I filled a form for "The Ginger Pig." I am not sure if they have started up yet, but they are going to be at a festival in Denver on the day of our event. They were really responsive with their email.

I filled the form for "The French Twist," and I never heard back from them. I have seen them at a number of events. They promote it as a family business run by the parents of home schoolers.

Today, at an event at Growing Gardens, I saw "The Wheel and the Whisk" and "Two Hands Mobile Kitchen." I may try to call them.

Here is a website that has a lot of food trucks, but it is not comprehensive. And it looks like one of the trucks that they have on their list may have shut down.

In Baltimore, the food trucks made good use of Twitter to let people know where they would be, and I am just not seeing that for the food trucks in Boulder.

Circumventing Ubuntu Snap confinement

Apr. 21st, 2016 06:31 pm
[personal profile] mjg59
Ubuntu 16.04 was released today, with one of the highlights being the new Snap package format. Snaps are intended to make it easier to distribute applications for Ubuntu - they include their dependencies rather than relying on the archive, they can be updated on a schedule that's separate from the distribution itself and they're confined by a strong security policy that makes it impossible for an app to steal your data.

At least, that's what Canonical assert. It's true in a sense - if you're using Snap packages on Mir (ie, Ubuntu mobile) then there's a genuine improvement in security. But if you're using X11 (ie, Ubuntu desktop) it's horribly, awfully misleading. Any Snap package you install is completely capable of copying all your private data to wherever it wants with very little difficulty.

The problem here is the X11 windowing system. X has no real concept of different levels of application trust. Any application can register to receive keystrokes from any other application. Any application can inject fake key events into the input stream. An application that is otherwise confined by strong security policies can simply type into another window. An application that has no access to any of your private data can wait until your session is idle, open an unconfined terminal and then use curl to send your data to a remote site. As long as Ubuntu desktop still uses X11, the Snap format provides you with very little meaningful security. Mir and Wayland both fix this, which is why Wayland is a prerequisite for the sandboxed xdg-app design.

I've produced a quick proof of concept of this. Grab XEvilTeddy from git, install Snapcraft (it's in 16.04), snapcraft snap, sudo snap install xevilteddy*.snap, /snap/bin/xevilteddy.xteddy . An adorable teddy bear! How cute. Now open Firefox and start typing, then check back in your terminal window. Oh no! All my secrets. Open another terminal window and give it focus. Oh no! An injected command that could instead have been a curl session that uploaded your private SSH keys to somewhere that's not going to respect your privacy.

The Snap format provides a lot of underlying technology that is a great step towards being able to protect systems against untrustworthy third-party applications, and once Ubuntu shifts to using Mir by default it'll be much better than the status quo. But right now the protections it provides are easily circumvented, and it's disingenuous to claim that it currently gives desktop users any real security.
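
Added example, not part of the original post or of XEvilTeddy: a defender-side check of how exposed a desktop session is to the X11 trust problem described above. It classifies the session from its environment variables and lists snaps whose `x11` plug is connected. The sample table and snap names are constructed, the Interface/Plug/Slot/Notes column layout of `snap connections --all` on current snapd is assumed, and only the `x11` interface is checked.

```shell
#!/bin/sh
# Added example (not from the post): which snaps can talk to the X server?

# classify_session SESSION_TYPE WAYLAND_DISPLAY DISPLAY
# Prints one of: x11 | wayland+xwayland | wayland | none
classify_session() {
    stype=$1 wl=$2 x=$3
    if [ "$stype" = "wayland" ] || [ -n "$wl" ]; then
        # With Xwayland running, X clients still share one X server and
        # can observe each other, so a set DISPLAY is reported separately.
        if [ -n "$x" ]; then echo "wayland+xwayland"; else echo "wayland"; fi
    elif [ "$stype" = "x11" ] || [ -n "$x" ]; then
        echo "x11"
    else
        echo "none"
    fi
}

# x11_snaps: read a connections table on stdin (assumed columns:
# Interface, Plug, Slot, Notes) and print each snap whose x11 plug is
# connected. A Slot of "-" means the plug is declared but not connected.
x11_snaps() {
    awk 'NR > 1 && $1 == "x11" && $3 != "-" { split($2, p, ":"); print p[1] }' |
        sort -u
}

# Constructed sample table; the snap names are made up for illustration.
SAMPLE='Interface  Plug                    Slot      Notes
home       example-editor:home     :home     -
network    example-viewer:network  :network  -
x11        example-viewer:x11      :x11      -
x11        example-editor:x11      :x11      -
x11        example-daemon:x11      -         -'

# audit TABLE: summarise exposure for the current environment.
audit() {
    kind=$(classify_session "${XDG_SESSION_TYPE:-}" "${WAYLAND_DISPLAY:-}" "${DISPLAY:-}")
    echo "session: $kind"
    case $kind in
        x11|wayland+xwayland)
            printf '%s\n' "$1" | x11_snaps | sed 's/^/x11-connected snap: /' ;;
        *)  echo "no X server reachable from this session" ;;
    esac
}

# On a real system, pass "$(snap connections --all)" instead of the sample.
audit "$SAMPLE"
```

Any snap this reports on an X11 session shares the X server with every other client, so its confinement does not cover keystrokes or synthetic input.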

Page generated May. 3rd, 2016 06:13 pm