Hackeriet

This year, many Hackeriet members attended the 39th Chaos Communication Congress. It was a blast! As part of our efforts to improve how we organize these trips, we held a lessons-learned meetup afterward. Around 15 people joined the meeting, and there was good engagement and a strong willingness to contribute.

There was broad agreement that this year’s congress worked well. Notes were prepared in advance and added during the meeting; these are available at https://pad.hackeriet.no/40C3. The…

Securing systems exposed to the internet is a moving target, especially when dealing with brute-force attacks on authentication services. I run a Zimbra mail server on an Ubuntu 18.04 server (yes, I know it’s time to upgrade), and I decided to tackle these never-ending login attempts. Along the way, I integrated AbuseIPDB for IP reporting, configured the recidive jail for persistent offenders, and encountered a few interesting bugs and quirks worth sharing.

Fail2Ban is an open-source intrusion…

The built in keyboard on my laptop is annoying to use, everything is wrong about it (Dell XPS Plus). To make matters worse, it is also a european layout that i am not used to. I type at perhaps half my usual speed using the built in keyboard, so i wish to place my regular mechanical keyboard on top and disable the built in keyboard (so i dont accidentally hit the built in keys)

How to

First you must determine the name of your bluetooth keyboard and the device path of your laptop keyboard. cat…

Hackeriet at one point aquired a few Fun Generation LED pots, and one of the strong selling arguments for us was the knowledge that they supported DMX.

“DMX (Digital Multiplex) is a protocol used to control devices such as lights or fog machines. The signal is unidirectional, meaning it only travels in one direction; from the controller or first light, all the way to the last. In its most basic form, DMX is just a protocol for lights, like how MIDI is for keyboards or DAW controllers.” 1

This…

This is a cross post from stiankri.substack.com

Earlier this year I did some security research into the Python Package Index (PyPI) as well as how it’s used by the package managers Pip and Poetry.

The research is summarized in the following blog posts:

1. PyPI Upload Denial of Service

2. Reproducibility in PyPI

3. Distribution Confusion in PyPI

4. Manifest Confusion in PyPI

The research was also presented at BSides Oslo in the talk “Unexpected Ways to Distribute Python Packages”.

UPDATE 2023-06-12: v0.083-TRIAL has been released with a fix.

[CVE-2023-31486] HTTP::Tiny v0.082, is a http client included in Perl (since v5.13.9) and also a standalone CPAN module. It does not verify TLS certificates by default requiring users to opt-in with the verify_SSL=>1 flag to verify the identity of the HTTPS server they are communicating with.

The module is used by many distributions on CPAN, and likely other open source and proprietary software.

NOTE: This post summarizes…

Hackeriet arranged a small conference during 28-30 dec 2022. With lots of talks, streaming service for those of us who couldn’t attend in person and lots of good conversations between the attendants.

The recording of most of the talks have been available on youtube since the conference and will soon be reposted as individual talks.

List of talks and workshops performed

• ctx - Native vector graphics for microcontrollers and terminals - Øyvind Kolås
• Secure messaging deep dive - Stian…

Time passes as water under a bridge, it is yet again time to release a version of ripasso. We present version 0.6.0.

New Features Choosable OpenPGP backend

We have implemented support for configuration files. You can now switch between different password directories from the menu.

Experimental new OpenPGP backend based on Sequoia

The Sequoia project is a implementation of OpenPGP written in Rust. Since the GPG project have suffered from multiple security problems due to memory corruption…

When packaging a rust crate for Debian, bug fixing is a part of the process. There is of course multiple sources of bugs, but a common one is that the crate doesn’t build on all architectures.

The builds in Debian happens on a lot of different architectures, and normally you only have an x86_64 machine to test on before pushing a new version of a package.

The full list of different architectures is:

• amd64
• arm64
• armel
• armhf
• i386
• mips64el
• mipsel
• ppc64el
• s390x
• alpha
• arc
…

CQ CQ DE LA1HAX!

Hackeriet (Oslo Hackerspace) has been appointed the ham club signal LA1HAX, effective from 2021-11-16.

The hobby

Amateur radio, or “ham radio”, is a hobby which focueses on connecting the world and a shared interest of technology and electronics. The operators, often callled “hams”, are free to build and use radio equipment to transmit in different ways as long as they operate within the parameters set by the licensing authority.

Operating a ham radio station requires the…