Nostr notes by hanno

FWIW: I don't have a big conclusion here, I'm just ...

2026-03-27T09:05:19Z

In reply to nevent1q…chuh
_________________________

FWIW: I don't have a big conclusion here, I'm just sharing random thoughts and observations. /end thread

But that wasn't an isolated development either. It's ...

2026-03-27T09:02:26Z

In reply to nevent1q…frn8
_________________________

But that wasn't an isolated development either. It's clearly showing up everywhere. I'm running out of reasons not to think that AI tools got really good at finding security vulnerabilities.

Obvious caveat: None of that changes that there are plenty of good reasons to be very worried about the whole AI thing.

AI, a few thoughts, observations about AI & security vulns. ...

2026-03-27T08:52:14Z

AI, a few thoughts, observations about AI & security vulns.
My standard line about AI is "there's a lot I'm uncertain about". But let's be clear, there's a lot I don't like & I'm probably biased towards the "here's how spectacularly AI failed once again" news (of which there are plenty) or at least the "it's not as impressive as it may look".
Yet, I don't want to close my eyes if I see things that clearly don't fit my biases. And I know a thing or two about security vulnerabilities.🧵

In der Frage steckt schon ein Mißverständnis: es sind keine ...

2026-01-30T14:57:15Z

In reply to nevent1q…cpef
_________________________

In der Frage steckt schon ein Mißverständnis: es sind keine gigantischen Flächen.
Und nein, der CO2-Effekt von Aufforstung auf diesen vergeichsweise kleinen Flächen hätte keinen großen Effekt. (Etwas anders sieht das bei Bioenergie aus, wo tatsächlich sehr große Flächen beansprucht werden.)

Hallo @npub1prv…5px6 ihr habt da ja jetzt ein Portal mit dem ...

2026-01-06T09:37:25Z

Hallo BSI (npub1prv…5px6) ihr habt da ja jetzt ein Portal mit dem man Schwachstellen melden kann. Ich wollte ja nur mal ausprobieren wie das so aussieht, aber falls Ihr Euch wundert dass da niemand was meldet: offenbar ist das Portal immer der Meinung, dass der eingegebene CVSS-Wert ungültig ist, egal was man eingibt. (Davon abgesehen halte ich es für eine sehr dumme Idee, Leuten, die freiwillig was melden wollen, erstmal mit so einem Quatsch zu behelligen.)

I really don't have any idea what they're doing at ...

2026-01-04T12:52:08Z

In reply to nevent1q…4d4w
_________________________

I really don't have any idea what they're doing at google. I had a recent instance where I was searching for a filename that was on an open source mirror in plenty of places, and Google said it knows nothing about it... there's, like, zero possiblity they don't have any of the mirror dirlistings indexed.

Anyone got a recommendation for a good web search engine? The one ...

2026-01-04T12:50:18Z

Anyone got a recommendation for a good web search engine? The one I used to use has decided to pivit towards providing a chatbot with a crappy search engine attached that isn't really working properly.

I'm totally fine with that.

2026-01-01T12:24:50Z

In reply to nevent1q…tkea
_________________________

I'm totally fine with that.

I have requested countless CVEs without doing CVSS and let mitre ...

2026-01-01T12:17:26Z

In reply to nevent1q…xdfm
_________________________

I have requested countless CVEs without doing CVSS and let mitre do that so I can ignore it. I think CVSS is more or less a random number generator (but not a cryptographically secure one).

Now those gpg.fail people made me find similar vulns elsewhere ...

2026-01-01T12:08:40Z

Now those gpg.fail people made me find similar vulns elsewhere (console control character injection). By "elsewhere" I mean... my own code.
Opinions wanted: should "input can inject console output with ansi and control chars" always be considered a vuln/CVE?
(I'll fix it in any case, I'm just wondering if I should do all the "security release/advisory/request CVE/..." stuff.)

German ministry renames itself, domain expires, is bought by ...

2025-12-10T08:25:24Z

German ministry renames itself, domain expires, is bought by SEO-spammer, expires again, is bought by domain grabber, then later bought by itsec company who now learns that apparently plenty of internal systems of the ministry still try to connect to the domain...
I don't even know where to start how terrible that is and what it tells us about government IT security practices...
https://mint-secure.de/bundesdomain-im-blindflug-dns-leaks-und-ein-jahrzehnt-it-nachlaessigkeit/
Tim (npub1s9u…2y0t) good work!

I've recently stumbled upon an RCE "exploit" for the ...

2025-12-02T10:32:05Z

I've recently stumbled upon an RCE "exploit" for the Serendipity blog software, which I happen to use and have contributed to in the past. From what I can tell, it does nothing interesting (it does not even work due to broken indents, if one fixes that it uploads a PHP shell given existing credentials, but that won't be executed unless you have a server config that executes .inc files). I'm 95% certain this is bogus. Yet... in case anyone wants to have a look: https://github.com/s9y/Serendipity/issues/940

That means the attack is only relevant if a) you have a file with ...

2025-10-10T07:53:38Z

In reply to nevent1q…jy92
_________________________

That means the attack is only relevant if a) you have a file with a secret, but no newlines&other characters breaking an URL, b) you know the path.
That seems rather unlikely in practice.

It may be that there are implementations that will ignore that and still open the URL. Or that will auto-encode newlines. Or that there's some trick I don't know. But that's all speculation. If you know of any *working* scenario where exfiltration with newlines works, I'd be interested to hear about it.

Dear Infosec people who have looked at XML and XXE before: I am ...

2025-10-10T07:50:07Z

Dear Infosec people who have looked at XML and XXE before: I am trying to get an understanding of Blind XXE.
Many of the descriptions I find are lacking an important detail which makes the attack much less practical. Blind XXE works by building an URL which contains content of a file, allowing to exfiltrate content. However, in all my tests, that *only* works if the file contains no newlines, as those are not allowed in URLs. Am I missing something?
🧵

There's a study indicating that a cheap nasal spray that is ...

2025-09-26T11:42:44Z

There's a study indicating that a cheap nasal spray that is already on the market (for allergies) can reduce Covid 19 infection risk by ~2/3rd, and also reduce other respiratorial infections. I'm somewhat torn between "too good to be true" and "any reason I shouldn't immediately buy and use this?"

Anyone read any insightful (and particularly: skeptical, caveats) takes on it?
https://jamanetwork.com/journals/jamainternalmedicine/fullarticle/2838335

Anyone happens to know if there's any easy trick to bypass an ...

2025-08-21T08:12:14Z

Anyone happens to know if there's any easy trick to bypass an Incapsula "security firewall" that thinks downloading with curl/wget is an attack to be prevented? (It's not just the user agent, I tried that.)

In case I know anyone here who's familiar with the finer ...

2025-08-14T05:41:15Z

In case I know anyone here who's familiar with the finer details of DNS and particularly DNS amplification attacks and their mitigations, I have some questions.

So that's that. This study wouldn't be expensive. Given ...

2025-08-12T09:23:11Z

In reply to nevent1q…txpk
_________________________

So that's that. This study wouldn't be expensive. Given that LDL and heart attacks are a big deal, a lot of people drink Espresso, and the impact may or may not be significant, I think it's a study worth doing. But it needs a lab that can measure that stuff.

I almost thought I could do this study on my own. I'd have to ...

2025-08-12T09:21:13Z

In reply to nevent1q…p3z8
_________________________

I almost thought I could do this study on my own. I'd have to brush up my statistics a bit, but it's in no way a complicated analysis, designing a statistically really good study with preregistration would be feasible.

However, it seems there's no such thing as a cafestol/kahweol home test or any easy way to test their concentration. The existing studies use something called chromatography in a lab, and I don't think it's something you can easily build at home.

However, that'd be a really expensive study, and nobody will ...

2025-08-12T09:17:59Z

In reply to nevent1q…n9x8
_________________________

However, that'd be a really expensive study, and nobody will do that. But the data on cafestol/kahweol seems good enough to justify making a simpler study. Just make a few cups of Espresso with different types of machines with and without a paper filter. Measure the concentration. No humans involved, no blood tests, no ethics committee to ask, etc.
If we assume the existing data shows that cafestol/kahweol are increasing LDL and that's unhealthy (very plausible), that'd be a "good enough" study.

I think the main reason people use these paper filters is that ...

2025-08-12T09:15:15Z

In reply to nevent1q…q5ah
_________________________

I think the main reason people use these paper filters is that they think it tastes better and you have less coffee grounds. However, plausibly, they could make a heart-healthier coffee.

Now, I can do that. Question is: does it work? I mean, plausibly, it will. But it's not exactly the same as standard filtered coffee.

The perfect study would test it in humans who drink espresso with paper filter (ideally 4 groups, real espresso machine, my electric espresso can, with/without paper).

There's no paper filter involved, and it turns out from ...

2025-08-12T09:12:01Z

In reply to nevent1q…823c
_________________________

There's no paper filter involved, and it turns out from existing data, Espresso has high levels of cafestol and kahweol. (Whether that's also true for my electric not-really-Espresso can, I don't know for sure, but plausibly, it probably is.)
Now, my question was: Can I add a paper filter? Shouldn't be too hard. Just put it on top of the coffee. Paper filters for "real" Espresso machines are cheap and can be bought in your favorite online shop.

Concentration of these LDL-increasing substances depends a lot on ...

2025-08-12T09:10:19Z

In reply to nevent1q…v3sx
_________________________

Concentration of these LDL-increasing substances depends a lot on the way you make your coffee. Notably, coffee that went through a paper filter has very low levels of cafestol and kahweol. Turkish Coffee, meaning pouring hot water over coffee powder and not filtering it, has high levels. So this is malleable.
Now, my coffee consumption is, to a large part, Espresso out of an electric espresso can. (Some may argue that that's not "real" Espresso, but that's not my point, it's what I drink.)

First of all, it appears the scientific consensus is going in the ...

2025-08-12T09:07:32Z

In reply to nevent1q…6ysc
_________________________

First of all, it appears the scientific consensus is going in the direction that , overall, Coffee consumption is not unhealthy, and may even have some health benefits
However, cafestol and kahweol are probably bad due to their effect on LDL. I read in some sources that the effect can be up to 15 points in LDL level, which is enough to care. (To get an idea: my LDL is 170, <100 would be considered healthy. Eliminating cafestol/kahweol won't get me to healthy levels, but it would be significant.)

From the things one can do to lower LDL, most of them I already ...

2025-08-12T09:01:48Z

In reply to nevent1q…fsm3
_________________________

From the things one can do to lower LDL, most of them I already do. I don't smoke, don't consume alcohol, don't eat meat, my main source of fat is olive oil, which is considered one of the healthiest options.
But digging deeper, I came across something that I hadn't really on my radar (I kinda knew, but didn't think it's a big deal): Coffee. Or, more precisely, two substances in Coffee called Cafestol and Kahweol.

LDL is a major risk factor for heart disease. (It isn't the ...

2025-08-12T08:59:18Z

In reply to nevent1q…jml8
_________________________

LDL is a major risk factor for heart disease. (It isn't the best value to predict heart disease risk, that is ApoB. But unfortunately, standard medical practice hasn't adopted this yet.)
So my high LDL is... not good. Unfortunately, the effect of lifestyle changes on LDL is limited, and my risk is still far away from what would receive medication. (Some doctors think that far more people should receive medication, which I find a very interesting debate, but that's another story.)

I went down a rabbit hole trying to understand some health ...

2025-08-12T08:53:24Z

I went down a rabbit hole trying to understand some health issues, and I ended up with an idea for a study that involves Espresso and heart disease risks that would be relatively easy to perform and could help make more informed health decisions. My journey (and this is only one tiny aspect, I've been thinking about this a lot) started a bit more than a year ago when I got a blood test as part of a health checkup that contained some concerning values, notably high glucose and high LDL. 🧵

Do I know anyone who knows anyone at cloudflare? Can you tell ...

2025-07-10T09:22:04Z

Do I know anyone who knows anyone at cloudflare? Can you tell them to fix their documentation about email smtp/submission ports? It's outdated (see RFC 8314) and still recommends the less secure 587+starttls, and it's the most prominent google result... https://www.cloudflare.com/learning/email-security/smtp-port-25-587/

In case anyone here has connections with the Python team: can you ...

2025-06-08T09:22:05Z

In case anyone here has connections with the Python team: can you please tell them to update their docs on XML security? The way it is is quite misleading, and it's been annoying me for a while. I raised this a while ago in their issue tracker, but it got no reaction whatsoever. https://github.com/python/cpython/issues/127502 🧵

This is a gruelling summary of all the things wrong with OpenSSL ...

2025-05-07T07:45:54Z

This is a gruelling summary of all the things wrong with OpenSSL https://www.haproxy.com/blog/state-of-ssl-stacks I've mostly watched this whole thing from the sidelines, but was also affected noting that private key parsing suddenly became 70 times slower. I think they've now improved it to "only" be 10-20 times slower, and there does not seem any effort to work on it any more.

Is there a way to configure the Linux kernel or a tool that puts ...

2025-04-21T11:57:06Z

Is there a way to configure the Linux kernel or a tool that puts a laptop into a "no-fan" mode? Like, if it gets too hot, reduce the CPU frequency. It's definitely possible to run my laptop without the CPU fan, by reducing the cpufreq scaling_max_freq enough for all cores. But what I'd want is "you're allowed to go to whatever freq you still can do safely without running the fan, but auto-reduce if it gets too hot, never use the fan".

We measured fever with mercury, had lead in fuel, christmas ...

2025-03-30T07:00:49Z

In reply to nevent1q…h3m7
_________________________

We measured fever with mercury, had lead in fuel, christmas decorations, and it was melted as a fun tradition for new years eve. Batteries did not just contain cadmium, but also mercury. This is all extremely toxic stuff, and it used to be around us not too long ago. NiCd battery sales were banned in the EU in 2017.

#toxic stuff: Recently, my shaver broke, and for situations like ...

2025-03-30T06:54:27Z

#toxic stuff:
Recently, my shaver broke, and for situations like this, I had an older electric shaver in a box. Which... also didn't work any more, so that didn't help. But curiously, I noted that the older shaver still had a Nickel Cadmium battery. Which is... one of the many toxic things we used to have around us, and we no longer have. and I think this is an underappreciated fact and a success of reasonable regulation. 🧵

This was one of the instances of insecure openid connect keys I ...

2025-03-17T16:30:28Z

In reply to nevent1q…u3k7
_________________________

This was one of the instances of insecure openid connect keys I blogged about recently https://blog.hboeck.de/archives/909-Mixing-up-Public-and-Private-Keys-in-OpenID-Connect-deployments.html the host auth.univie.ac.at has an openid connect configuration file. It points to https[://]auth.univie.ac.at/jwk for its jwks_uri that contains the public keys. Apparently, one of those keys is an example key used in the software "OpenID-Connect-Java-Spring-Server". Therefore, the private key is what I like to call a "Public Private Key".

So... I recently called out the University of Vienna as a bad ...

2025-03-17T16:28:34Z

So... I recently called out the University of Vienna as a bad example for not providing a usable security contact. In case you were wondering what that was all about, and how it continued... I eventually was pointed to a security contact address. I also reported the issue, and they confirmed it. They also claimed to have fixed it. Yet... https://mastodon.social/@hanno/113956477328875800 🧵

Assuming I neither want to learn how to parse ics files or how ...

2025-03-07T17:18:49Z

In reply to nevent1q…vuen
_________________________

Assuming I neither want to learn how to parse ics files or how caldav works internally. Isn't there any tool that takes an ics file and uploads it to a caldav-capable calendar? Or am I thinking wrong, and I should solve my problem in a different way? How? Can anyone point me to a howto/doc/blogpost that is simple and explains how to do that?

Ultimately, what I want is some scriptable tool that I can run - ...

2025-03-07T17:16:22Z

In reply to nevent1q…tlpq
_________________________

Ultimately, what I want is some scriptable tool that I can run - either locally or on the server - that takes an ics file and puts it into the calendar. Either something that utilizes nextcloud's commandline stuff, or a web API. I *think* this could be done with caldav. Which is, as far as I understand, a way other applications can interact with a calendar application like nextcloud. Yet: How excatly would I do that?

Dear Internet hivemind, I have a tech problem. I use nextcloud as ...

2025-03-07T17:14:30Z

Dear Internet hivemind, I have a tech problem. I use nextcloud as my calendar. I get a lot of ics files these days, via email, or from web pages where I signup for events. I want to get the ics files into my nextcloud calendar without it being annoying. I think it should be simple to solve, but somehow, it isn't. I don't find any good answers how I might do that. Maybe I'm googling for the wrong terms. 🧵

In discussions about clean Hydrogen, there is a popular idea ...

2025-03-04T11:56:26Z

In discussions about clean Hydrogen, there is a popular idea floating around, particularly in countries like Germany or Japan that import large parts of their current fossil fuel energy. Instead of importing fossil fuels, the story goes, we will import large quantities of Hydrogen in the future from places where wind and sun are plentiful, and therefore, renewable energy is cheap. The problem with this idea is that Hydrogen is really difficult to transport. ⚡💧🚢🏭 🧵

Hab mir gerade eine Rede der Linken Spitzenkandidatin Heidi ...

2025-02-23T07:14:56Z

Hab mir gerade eine Rede der Linken Spitzenkandidatin Heidi Reichinnek auf youtube angeschaut, die ja scheinbar gerade dafür sorgt, dass ihre Partei noch eine Restrelevanz hat. Als erstes spricht sie über den Rechtsruck und Rassismus. Jetzt würde man ja denken: Linke Partei, die sich als zentrales Thema gegen Rechtsruck und Rassismus wendet, ist eigentlich selbstverständlich. War es halt für die letzten Jahre meist nicht.

You may compare your 32x32 pixel PNG icon to your SVG and think ...

2025-02-20T08:34:27Z

In reply to nevent1q…p23l
_________________________

You may compare your 32x32 pixel PNG icon to your SVG and think that it's smaller. But your PNG is compressed, your SVG isn't. (It's XML, essentially a text format.) Yet, your web server can compress it on the HTTP layer. You cannot further compress PNG or JPG or AVIF usually, but you can compress SVG. The data transmitted is smaller than the file size for SVGs, but not for PNG/JPG/AVIF.

Webdesign tip: SVG files are smaller in practice than it may ...

2025-02-20T08:32:28Z

Webdesign tip: SVG files are smaller in practice than it may appear.
If you use an image on a webpage that you have as a vector graphic, it's usually a good idea to use SVG instead of raster formats like JPG/PNG. Given high resolution displays and zooming habits, your width="[pixelsize]" is practically not what's displayed, and it'll look better if it can be zoomed without losses. But if you're an optimization perfectionist, you may look at file size, which can be misleading. 🧵

also... if your webpage tells me you have foobar ISO whatnot ...

2025-02-06T10:33:24Z

In reply to nevent1q…cq7c
_________________________

also... if your webpage tells me you have foobar ISO whatnot security certification, BUT YOU DONT HAVE A SECURITY CONTACT, I'm wondering what these certifications actually do if you can pass them and still fail at the absolute basics.

How not to do it: Here's the university of Vienna. They tell ...

2025-02-06T10:30:49Z

In reply to nevent1q…gdmv
_________________________

How not to do it: Here's the university of Vienna. They tell you to use their support desk contact form WHICH REQUIRES A LOGIN... https://zid.univie.ac.at/it-security/
So... you have to study or work there in order to tell them about a security issue.

In unrelated news, in case you know anyone at the university of vienna's security team, you may want to tell them to get in touch with me.

I am regularly surprised how many organizations fail with one of ...

2025-02-06T10:29:26Z

I am regularly surprised how many organizations fail with one of the most basic things they can do about IT security: HAVE A SECURITY CONTACT.
If someone externally wants to tell you about a security issue, make it easy for them. There's a standard for it (security.txt), but even having any place on your webpage saying e.g. "if you found a security issue, please contact XYZ" is good enough.

Es sagt ja so viel über den kaputten Stand unserer ...

2025-01-07T14:10:40Z

Es sagt ja so viel über den kaputten Stand unserer gesellschaftlichen Diskurse, dass wir gerade eine Diskussion über den Krankenstand haben, aber kein einziger Vorschlag dazu zielt darauf ab, dass Leute weniger krank werden. Ich mein, ist ja nicht so dass man da nix tun könnte. (Luftfilter, Masken, Homeoffice, leichterer Zugang zu Impfungen, ...)

Ach echt, es war gar keine tolle Idee, die Heidekrautbahn mit ...

2024-12-29T09:03:10Z

Ach echt, es war gar keine tolle Idee, die Heidekrautbahn mit Wasserstoff (wohlgemerkt aus Erdgas) fahren zu lassen? Hätte uns nur jemand gewarnt! https://www.rbb24.de/wirtschaft/beitrag/2024/12/wasserstoff-engpass-einschraenkungen-regionalbahn-berlin-brandenburg-vbb.html

is it really GPS spoofing? I talked to someone yesterday who ...

2024-12-29T08:32:37Z

In reply to nevent1q…yfzd
_________________________

is it really GPS spoofing? I talked to someone yesterday who observed that the phone would go into the wrong timezone when connecting to the wifi.

Anyone has an explanation how that happened? I got an error about ...

2024-12-24T07:32:56Z

Anyone has an explanation how that happened? I got an error about a double free in an ssh shell with an immediate disconnect afterwards. Likely a memory corruption happening in bash. Possibly also in ssh itself...

This is quite something: The BBC reports about health ...

2024-12-13T12:32:53Z

This is quite something: The BBC reports about health misinformation. One example is... a show on BBC!
I mean, I guess it's good that they critically evaluate their own reporting.

But it gets better: "A spokesperson for the BBC declined to comment."

That's quite arrogant of the BBC to decline to comment when a journalist working for the BBC asks you for a comment

https://www.bbc.com/news/articles/c4gpz163vg2o

This thing with lower quality due to audio compression is a bit ...

2024-12-04T11:25:28Z

In reply to nevent1q…03yy
_________________________

This thing with lower quality due to audio compression is a bit of a myth. It is totally possible to compress music a whole lot without loosing quality in a way that is recognizable by humans. Here's a "classic" post discussing this in great detail: https://xiphmont.dreamwidth.org/57937.html
Technically, it's true that these compression algorithms loose information, but when it's impossible to recognize this information loss with a human ear, it's not relevant.

Dear everyone who owns domains that are not used for e-mail, ...

2024-11-25T08:51:21Z

Dear everyone who owns domains that are *not used for e-mail*, particularly ones that are potential targets for phishing (banks, high-profile names): Could you please configure SPF+DMARC, ideally with p=reject? You may wonder: Why should I configure anything email for a host that isn't used for email? Well... it helps others to identify spam sent with your domain as the sender.

Nostr event nevent1qqswh9ekz23xqaxqyvgcxnnyf42dkxjgxjzfhl8x2m3r22sysfvg8mszyzqnn8c8v6vp4hszag35pm4jpase7n220zsgm0artum8q0u5f4veynad469

2024-11-21T08:37:34Z

Google payed me a bugbounty for a bug I reported 8 years ago...

Option "Nein, das Virus war schneller" fehlt...

2024-11-14T10:48:18Z

In reply to nevent1q…kl25
_________________________

Option "Nein, das Virus war schneller" fehlt...

I don't understand the "where you can have the right ...

2024-10-19T08:40:42Z

In reply to nevent1q…avkx
_________________________

I don't understand the "where you can have the right answer base64-encoded in a hidden field" part. why would you need that? Check the answer client side?

Is there anything like a reasonably working local antispam ...

2024-10-19T08:30:36Z

Is there anything like a reasonably working local antispam solution for web contact forms? It appears the popular one is akismet, but that essentially means "sent the whole message to someone else", and that feels really inacceptable privacy wise.

Certainly the thought crosses my mind whether anyone will want to ...

2024-09-19T14:35:13Z

Certainly the thought crosses my mind whether anyone will want to read my likely-30k-characters thoughts on green methanol that I'm currently writing down, with obscure, nerdy side quests towards formaldehyde, dimethyl ether, and gasification technology. But then, I know at least a couple of people that will almost certainly read it, so I guess it's okay.

das klingt so als ob du bisher sehr viel bezahlst(?) - ich hatte ...

2024-09-17T11:49:59Z

In reply to nevent1q…x87z
_________________________

das klingt so als ob du bisher sehr viel bezahlst(?) - ich hatte die neulich auch da, und die haben mir erzählt dass ich kaum mehr zahlen würde als bisher, und mir irgendwelche Zahlen genannt (ich hab sowas ja nicht im Kopf und habs erstmal geglaubt...), Ich hab's dann gecheckt, ich zahl im Moment deutlich weniger als der mir erzählt hat.

This widely shared infographic uses a trick to make its message ...

2024-09-10T11:14:45Z

This widely shared infographic uses a trick to make its message appear much stronger than it actually is. It seems to show a strong correlation between energy consumption and wealth of a country. By using a logarithmic scale, the correlation appears much stronger than it actually is. I covered this before in articles, and now have also uploaded a short video ⚡💸🎥 https://www.youtube.com/watch?v=2xZ6CihdKu0 🧵

have fun: https://github.com/hannob/geogrep

2024-09-09T08:40:47Z

In reply to nevent1q…mn6p
_________________________

have fun: https://github.com/hannob/geogrep

Ok... I wrote that tool. It works, I found the pic I was looking ...

2024-09-09T08:20:01Z

In reply to nevent1q…ymyd
_________________________

Ok... I wrote that tool. It works, I found the pic I was looking for. Will publish soon.

Followerpower: I'm looking for a specific picture in a not ...

2024-09-09T06:59:01Z

Followerpower: I'm looking for a specific picture in a not well sorted collection... It is probably geotagged, and I know relatively precisely where it was taken. So... Is there any tool (offline, linux) that can do the following: Search for any picture close to specific geocoordinates?

Do you remember how people were discussing those disgusting food ...

2024-09-07T09:45:28Z

Do you remember how people were discussing those disgusting food practices in China at the beginning of the Covid pandemic that were blamed for the virus transmission? Why don't we have such a discussion now when US cow farms are breeding dangerous bird flu strains?

Falls sich potentiell jemand für gebrauchte Solarmodule ...

2024-08-14T09:59:24Z

Falls sich potentiell jemand für gebrauchte Solarmodule "Schüco MPE 90 AL" interessiert: könnte potentiell vermitteln dass die von einer alten Anlage, die abgebaut werden soll, abgeholt werden können. Wenn sie niemand holt werden sie wohl entsorgt. 120 Stück, Standort nordöstlich von Stuttgart.

Question to cryptographers who are... somewhat older. Was RSA 512 ...

2024-08-11T20:26:18Z

Question to cryptographers who are... somewhat older. Was RSA 512 the smallest key size that was ever used widely, or were smaller key sizes ever used in common applications?

Preparing a talk about industrial emissions, & I like to ...

2024-08-08T09:39:56Z

Preparing a talk about industrial emissions, & I like to illustrate things with local examples. The place where I'm presenting is close to a cluster of chemical factories, in the German state of Saxony-Anhalt. In the pic on the left is a large coal power plant, pretty nasty, + the largest emission source in Saxony-Anhalt. But I want to talk about the factory on the right. That's the Dow steam cracker, a major step in the production of plastics. Pic CC by-sa, Foto Fitti, 🧵