My current rig:
- old android phone with GPS disabled
- external GPS device (NMEA over bluetooth)
- OSMand from f-droid for offline maps and navigation
- BlueGPS to connect to the bluetooth GPS device, grab the NMEA signal, and feed it as a mock location
- developer options » mock locations enabled
The idea is to save on phone battery so I can navigate more than an hour. The phone’s internal GPS is energy intensive because of all the GPS calculations. By offloading the GPS work to an external bluetooth GPS, the phone’s battery can be somewhat devoted to the screen because bluetooth uses much less energy than GPS. And NMEA carries lat/long so the phone need not do the calculations.
Not sure it actually works though.. been waiting for satellites for a while now. Anyway, I would like to know if this config can work on any FOSS platforms, like pmOS. Can OSMand run on pmOS or is there a better option? IIUC, Android apps are a huge CPU hog on pmOS because of emulation.
Ideally I would like to buy something 2nd-hand like a BQ Aquaris X5 and put pmOS on it. I’ll need a quite lean mapping and nav app that runs on pmOS, and also has the ability to use an external GPS.
For the first 15 minutes when satellites are taking forever to appear, I would like to use something like WiGLE WiFi Wardriving which makes use of wifi APs and cell towers the same way Google location does, but without feeding Google. Is there anything like that on pmOS, or any other FOSS phone platform?
Updates
Every mobile FOSS platform listed by the OSM project has been abandoned as far as I can tell. But perhaps OSM is just poorly tracking this, because osmin and Pure Maps apparently both run on postmarketOS:
- https://wiki.postmarketos.org/wiki/Osmin
- https://wiki.postmarketos.org/wiki/Pure_Maps
There is a network-dependent nav app called Mepo, but that would not interest me.
There is also Organic Maps which comes as a flatpak for aarch64. It requires the whole KDE framework which is fat in terms of size but probably not relying on emulation so it could perform well enough.
In principle the ideal archive would contain the JavaScript for forensic (and similar) use cases, as there is both a document (HTML) and an app (JS) involved. But then we would want the choice whether to run the app (or at least inspect it), while also having the option to offline faithfully restore the original rendering. You seem to imply that saving JS is an option. I wonder if you choose to save the JS, does it then save the stock skeleton of the HTML, or the result in that case?
wget has a --load-cookies file option. It wants the original Netscape cookie file format. Depending on your GUI browser you may have to convert it. I recall in one case I had to parse the session ID out of a cookie file then build the expected format around it. I don’t recall the circumstances.
Another problem: some anti-bot mechanisms crudely look at user-agent headers and block curl attempts on that basis alone.
(edit) when cookies are not an issue, wkhtmltopdf is a good way to get a PDF of a webpage. So you could have a script do a wget to get the HTML faithfully, and wkhtmltopdf to get a PDF, then pdfattach to put the HTML inside the PDF.
(edit2) It’s worth noting there is a project called curl-impersonate which makes curl look more like a GUI browser to get more equal treatment. I think they go as far as adding a javascript engine or something.
It’s perhaps the best way for someone that has a good handle on it. Docs say it “sets infinite recursion depth and keeps FTP directory listings. It is currently equivalent to -r -N -l inf --no-remove-listing.” So you would need to tune it so that it’s not grabbing objects that are irrelevant to the view, and probably exclude some file types like videos and audio. If you get a well-tuned command worked out, that would be quite useful. But I do see a couple of shortcomings nonetheless:
- If you’re on a page that required you to log in and do some interactive things to get there, then I think passing the cookie from the gui browser to wget would be non-trivial.
- If you’re on a capped internet connection, you might want to save from the browser’s cache rather than refetch everything.
But those issues aside I like the fact that wget does not rely on a plugin.
The other thing is, what about JavaScript? JS changes the presentation.
Markdown is probably ideal when saving an article, like a news story. It might even be quite useful to get it into a Gemini-compatible language. But what if you are saving the receipt for a purchase? A tax auditor would suspect shenanigans. So the idea with archival is generally to closely (faithfully) preserve the doc.
IIUC you are referring to this extension, which is Firefox-only (unlike the save page WE, which has a Chromium version).
Indeed the beauty of ZIP is stability. But the contents are not. HTML changes so rapidly, I bet if I unzip an old MAFF file it would not have stood the test of time well. That’s why I like the PDF wrapper. Nonetheless, this WebScrapBook could stand in place of the MHTML from the save page WE extension. In fact, save page WE usually fails to save all objects for some reason. So WebScrapBook is probably more complete.
(edit) Apparently webscrapbook gives a choice between htz and maff. I like that it timestamps the content, which is a good idea for archived docs.
(edit2) Do you know what happens with JavaScript? I think JS can be quite disruptive to archival. If webscrapbook saves the JS, it’s saving an app, in effect, and that language changes. The JS also may depend on being able to access the web, which makes a shitshow of archival because obviously you must be online and all the same external URLs must still be reachable. OTOH, saving the JS is probably desirable if doing the hybrid PDF save because the PDF version would always contain the static result, not the JS. Yet the JS could still be useful to have a copy of.
(edit3) I installed webscrapbook but it had no effect. Right-clicking does not give any new functions.
MAFF (a shit-show, unsustained)
Firefox used to have an in-house format called MAFF (Mozilla Archive File Format), which boiled down to a zip file that had HTML and a tree of media. I saved several web pages that way. It worked well. Then Mozilla dropped the ball and completely abandoned their own format. WTF. Did not even give people a MAFF→mhtml conversion tool. Just abandoned people while failing to realize the meaning and purpose of archival. Now Firefox today has no replacement. No MHTML. Choices are:
- HTML only
- HTML complete (but not as a single file but a tree of files)
MHTML (shit-show due to non-portable browser-dependency)
Chromium-based browsers can save a whole complete web page to a single MHTML file. Seems like a good move but then if you open Chromium-generated MHTML files in Firefox, you just get an ascii text dump of the contents which resembles a fake email header, MIME, and encoded (probably base64). So that’s a show-stopper.
exceptionally portable approach: A plugin adds a right-click option called “Save page WE” (available in both Firefox and Chromium). That extension produces an MHTML file that both Chromium and Firefox can open.
PDF (lossy)
Saving or printing a web page to PDF mostly guarantees that the content and representation can reasonably be reproduced well into the future. The problem is that PDF inherently forces the content to be arranged on a fixed width that matches a physical paper geometry (A4, US letter, etc). So you lose some data. You lose information about how to re-render it on different devices with different widths. You might save on A4 paper then later need to print it to US letter paper, which is a bit sloppy and messy.
PDF+MHTML hybrid
First use Firefox with the “Save page WE” plugin to produce an MHTML file. But relying on this alone is foolish considering how unstable HTML specs are even still today in 2024 with a duopoly of browser makers doing whatever the fuck they want - abusing their power. So you should also print the webpage to a PDF file. The PDF will ensure you have a reliable way to reproduce the content in the future. Then embed the MHTML file in the PDF (because PDF is a container format). Use this command:
$ pdfattach webpage.pdf webpage.mhtml webpage_with_HTML.pdf
The PDF will just work as you expect a PDF to, but you also have the option to extract the MHTML file using pdfdetach webpage_with_HTML.pdf if the need arises to re-render the content on a different device.
The downside is duplication. Every image has one copy stored in the MHTML file and another copy separately stored in the PDF next to it. So it’s shitty from a storage space standpoint. The other downside is plugin dependency. Mozilla has proven browser extensions are unsustainable when they kicked some of them out of their protectionist official repository and made it painful for exiled projects to reach their users. Also the mere fact that plugins are less likely to be maintained than a browser builtin function.
We need to evolve
What we need is a way to save the webpage as a sprawled out tree of files the way Firefox does, then a way to stuff that whole tree of files into a PDF, while also producing a PDF vector graphic that references those other embedded images. I think it’s theoretically possible but no tool exists like this. PDF has no concept of directories AFAIK, so the HTML tree would likely have to be flattened before stuffing into the PDF.
Other approaches I have overlooked? I’m not up to speed on all the ereader formats but I think they are made for variable widths. So saving a webpage to an ereader format of some kind might be more sensible than PDF, if possible.
(update) The goals
- Capture the webpage as a static snapshot in time which requires no network to render. Must have a simple and stable format whereby future viewers are unlikely to change their treatment of the archive. PDF comes close to this.
- Record the raw original web content in a non-lossy way. This is to enable us to re-render the content on different devices with different widths. Future-proofness of the raw content is likely impossible because we cannot stop the unstable web standards from changing. But capturing a timestamp and web browser user-agent string would facilitate installation of the original browser. A snapshot of audio, video, and the code (JavaScript) which makes the page dynamic is also needed both for forensic purposes (suitable for court) and for being able to faithfully reproduce the dynamic elements if needed. This is to faithfully capture what’s more of an application than a document.
wget -m possibly satisfies this. But perhaps tricky to capture 3rd party JS without recursing too far on other links.
- A raw code-free (thus partially lossy) snapshot for offline rendering is also needed if goal 1 leads to a width-constrained format. Save page WE and WebScrapBook apparently satisfy this.
PDF satisfies goal 1; wget satisfies goal 2; maff/mhtml satisfies goal 3. There is likely no single format that does all of the above, AFAIK. But I still need to explore these suggestions.
If you visit https://12ft.io/$URL_to_pdf.pdf using a GUI browser, the raw PDF binary is dumped to the screen. There is no way to capture this. If you use wget it just gets an HTML wrapper. If you hit F12»inspect»element, you can derive a proper URL to a PDF and use wget on that. E.g.
wget 'https://12ft.io/api/proxy?q=https://mswista.files.wordpress.com/2015/04/typesofmemory_updated.pdf'
But the PDF is corrupt. There is no user-side hack here. The service is broken. Apparently the server is doing a character set conversion as if it’s ascii text.
(BTW, that sample URL above works fine without 12ft.io. It’s just an example to demo the 12ft.io problem. Of course when a PDF is walled off and I am forced to use 12ft.io, then I’m hosed)
The admin is only reachable on Twitter and Gmail, neither of which work for me. There is a Mastodon bot at @thmsmlr@bird.makeup but that’s only good for following him. No way to report it to him AFAIK. Hence why I am posting this here.
I would never use the typical kind of shared bike that you can just leave anywhere because AFAIK those are exclusively for Google pawns. But the kind that have stations do not need an app. So I scraped all the bicycle station locations into a db & used an openstreetmaps API to grab the elevation of each station. If the destination station was a higher elevation than the source station, my lazy ass would take the tram. Hey, gimme a break.. these shared bikes are heavy as fuck because they’re made to take abuse from the general public.
It was fun to just cruise these muscle bikes downhill. I was probably a big contributor of high bicycle availability at low elevations and shortages in high places. The bike org then started a policy to give people a bonus credit if they park in a high station to try to incentivize more people going uphill.
Yeah I’m with you.. it was more of an attempt at humor. Although if you search around it’s actually common for people to ask how to check if their spouse is on dating sites.. which may be inspired by the whole Ashley Madison databreach.
I recall an inspirational story where a woman tried many dating sites and they all lacked the filters and features she needed to find the right guy. So she wrote a scraper bot to harvest profiles and wrote software that narrowed down the selection and propose a candidate. She ended up marrying him.
It’s a great story. I have no link ATM, and search came up dry but I found this story:
https://www.ted.com/talks/amy_webb_how_i_hacked_online_dating/transcript?subtitle=en
I can’t watch videos right now. It could even be the right story but I can’t verify.
I wonder if she made a version 2.0 which would periodically scrape new profiles and check whether her husband re-appears on a dating site, which could then alert her about the anomaly.
Anyway, the point in this new community is to showcase beneficial bots and demonstrate that there is a need to get people off the flawed idea that all bots are malicious. We need more advocacy for beneficial bots.
Does pdfinfo give any indication of the application used to create the document?
Oracle Documaker PDF Driver
PDF version: 1.3
If it chokes on the Java bit up front, can you extract just the PDF from the file and look at that?
Not sure how to do that but I did just try pdfimages -all which was not useful since it’s a vector PDF. pdfdetach -list shows 0 attachments. It just occurred to me that pdftocairo could be useful as far as a CLI way to neuter the doc and make it usable, but that’s kind of a lossy meat-grinder option that doesn’t help with analysis.
You might also dig through the PDF a bit using Didier Stevens’s Tools,
Thanks for the tip. I might have to look into that. No readme.. I guess this is a /use the source, Luke/ scenario. (edit: found this).
I appreciate all the tips. I might be tempted to dig into some of those options.
Your assertion that the document is malicious without any evidence is what I’m concerned about.
I did not assert malice. I asked questions. I’m open to evidence proving or disproving malice.
At some point you have to decide to trust someone. The comment above gave you reason to trust that the document was in a standard, non-malicious format. But you outright rejected their advice in a hostile tone. You base your hostility on a youtube video.
There was too much uncertainty there to inspire trust. Getoffmylan had no idea why the data was organised as serialised java.
You should read the essay “on trusting trust” and then make a decision on whether you are going to participate in digital society or live under a bridge with a tinfoil hat.
I’ll need a more direct reference because that phrase gives copious references. Do you mean this study? Judging from the abstract:
To what extent should one trust a statement that a program is free of Trojan horses? Perhaps it is more important to trust the people who wrote the software.
I seem to have received software pretending to be a document. Trust would naturally not be a sensible reaction to that. In the infosec discipline we would be incompetent fools to loosely trust whatever comes at us. We make it a point to avoid trust and when trust cannot be avoided we seek justification for trust. We have a zero-trust principle. We also have the rule of least privilege which means not to extend trust/permissions where it’s not necessary for the mission. Why would I trust a PDF when I can take steps to access the PDF in a way that does not need excessive trust?
The masses (security naive folks) operate in the reverse-- they trust by default and look for reasons to distrust. That’s not wise.
In Canada, and elsewhere, insurance companies know everything about you before you even apply, and it’s likely true elsewhere too.
When you move, how do they find out if you don’t tell them? Tracking would be one way.
Privacy is about control. When you call it paranoia, the concept of agency has escaped you. If you have privacy, you can choose what you disclose. What would be good rationale for giving up control?
Even if they don’t have personally identifiable information, you’ll be in a data bucket with your neighbours, with risk profiles based on neighbourhood, items being insured, claim rates for people with similar profiles, etc. Very likely every interaction you have with them has been going into an LLM even prior to the advent of ChatGPT, and they will have scored those interactions against a model.
If we assume that’s true, what do you gain by giving them more solid data to reinforce surreptitious snooping? You can’t control everything but it’s not in your interest to sacrifice control for nothing.
But what you will end up doing instead is triggering fraudulent behaviour flags. There’s something called “address fraud”, where people go out of their way to disguise their location, because some lower risk address has better rates or whatever.
Indeed for some types of insurance policies the insurer has a legitimate need to know where you reside. But that’s the insurer’s problem. This does not rationalize a consumer who recklessly feeds surreptitious surveillance. Street wise consumers protect themselves from surveillance. Of course they can (and should) disclose their new address if they move via proper channels.
Why? Because someone might take a vacation somewhere and interact from another state. How long is a vacation? It’s for the consumer to declare where they intend to live, e.g. via “declaration of domicile”. Insurance companies will harass people if their intel has an inconsistency. Where is that trust you were talking about? There is no reciprocity here.
When you do everything you can to scrub your location, this itself is a signal that you are operating as a highly paranoid individual and that might put you in a bucket.
Sure, you could end up in that bucket if you are in a strong minority of street wise consumers. If the insurer wants to waste their time chasing false positives, the time waste is on them. I would rather laugh at that than join the street unwise club that makes the street wise consumers stand out more.
It’s interesting to note that some research “discovered thousands of vulnerabilities in 693 banking apps, which indicates these apps are not as secure as we expected.”
Don’t Canadian insurance companies want to know where their customers are? Or are the Canadian privacy safeguards good on this?
In the US, Europe (despite the GDPR), and other places, banks and insurance companies snoop on their customers to track their whereabouts as a normal common way of doing business. They insert surreptitious tracker pixels in email to not only track the fact that you read their msg but also when you read the msg and your IP (which gives whereabouts). If they suspect you are not where they expect you to be, they take action. They modify your policy. It’s perfectly legal in the US to use sneaky underhanded tracking techniques rather than the transparent mechanism described in RFC 2298. If your suppliers are using RFC 2298 and not involuntary tracking mechanisms, lucky you.
You’re kind of freaking out about nothing.
I highly recommend Youtube video l6eaiBIQH8k, if you can track it down. You seem to have no general idea about PDF security problems.
And I’m not sure why an application would output a pdf this way. But there’s nothing harmful going on.
If you can’t explain it, then you don’t understand it. Thus you don’t have answers.
It’s a bad practice to just open a PDF you did not produce without safeguards. Shame on me for doing it.. I got sloppy but it won’t happen again.
cross-posted from: https://lemmy.sdf.org/post/24645301
They emailed me a PDF. It opened fine with evince and looked like a simple doc at first. Then I clicked on a field in the form. Strangely, instead of simply populating the field with my text, a PDF note window popped up so my text entry went into a PDF note, which many viewers present as a sticky note icon.
If I were to fax this PDF, the PDF comments would just get lost. So to fill out the form I fed it to LaTeX and used the overpic pkg to write text wherever I choose. LaTeX rejected the file.. could not handle this PDF. Then I used the file command to see what I am dealing with:
$ file signature_page.pdf
signature_page.pdf: Java serialization data, version 5
WTF is that? I know PDF supports JavaScript (shitty indeed). Is that what this is? “Java” is not JavaScript, so I’m baffled. Why is java in a PDF? (edit: explainer on java serialization, and some analysis)
My workaround was to use evince to print the PDF to PDF (using a PDF-building printer driver or whatever evince uses), then feed that into LaTeX. That worked.
My question is, how common is this? Is it going to become a mechanism to embed a tracking pixel like corporate assholes do with HTML email?
I probably need to change my habits. I know PDF docs can serve as carriers of copious malware anyway. Some people go to the extreme of creating a one-time use virtual machine with PDF viewer which then prints a PDF to a PDF before destroying the VM which is assumed to be compromised.
My temptation is to take a less tedious approach. E.g. something like:
$ firejail --net=none evince untrusted.pdf
I should be able to improve on that by doing something non-interactive. My first guess:
$ firejail --net=none gs -sDEVICE=pdfwrite -q -dFIXEDMEDIA -dSCALE=1 -o is_this_output_safe.pdf -- /usr/share/ghostscript/*/lib/viewpbm.ps untrusted_input.pdf
output:
Error: /invalidfileaccess in --file--
Operand stack:
   (untrusted_input.pdf)   (r)
Execution stack:
   %interp_exit   .runexec2   --nostringval--   --nostringval--   --nostringval--   2   %stopped_push   --nostringval--   --nostringval--   --nostringval--   false   1   %stopped_push   1990   1   3   %oparray_pop   1989   1   3   %oparray_pop   1977   1   3   %oparray_pop   1833   1   3   %oparray_pop   --nostringval--   %errorexec_pop   .runexec2   --nostringval--   --nostringval--   --nostringval--   2   %stopped_push   --nostringval--   --nostringval--   --nostringval--   %array_continue   --nostringval--
Dictionary stack:
   --dict:769/1123(ro)(G)--   --dict:0/20(G)--   --dict:87/200(L)--   --dict:0/20(L)--
Current allocation mode is local
Last OS error: Permission denied
Current file position is 10479
GPL Ghostscript 10.00.0: Unrecoverable error, exit code 1
What’s my problem? Better ideas? I would love it if attempts to reach the cloud could be trapped and recorded to a log file in the course of neutering the PDF.
(note: I also wonder what happens when Firefox opens this PDF, because Mozilla is happy to blindly execute whatever code it receives no matter the context.)
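An added example (my own code, not from any post in this thread, standard library only) for the triage the replies above circled around: it tells a real PDF from a Java serialization stream (the 0xACED 0005 magic that `file` reports as "Java serialization data, version 5"), carves the PDF body out of such a wrapper so a sandboxed viewer can be handed just that, and checks whether a downloaded PDF was pushed through a text character-set conversion in transit, the 12ft.io symptom from earlier on this page. The sample PDF bytes, the wrapper prefix and the 0.9 threshold are constructed/assumed.

```python
"""Triage a downloaded "PDF" before handing it to any viewer.

Added example, not from the original posts. Three checks:
  * PDF or Java serialization stream? (`file` prints the 0xACED 0005 magic
    as "Java serialization data, version 5")
  * where does a PDF body start inside such a wrapper, so it can be carved
    out and opened on its own in a sandbox?
  * does the PDF look re-encoded as text (Latin-1 -> UTF-8), which corrupts
    binary stream data and shifts every declared /Length?
Sample bytes and the 0.9 threshold below are constructed/assumed.
"""
import re
from typing import Optional

PDF_MAGIC = b"%PDF-"
PDF_EOF = b"%%EOF"
JAVA_SER_MAGIC = b"\xac\xed\x00\x05"  # ObjectStreamConstants STREAM_MAGIC + version 5
# Lead byte + continuation bytes: what a Latin-1 -> UTF-8 conversion turns
# every high byte into. Genuine binary PDF data rarely forms such runs.
UTF8_RUN = re.compile(rb"[\xc2-\xf4][\x80-\xbf]+")
# Streams with a direct /Length; indirect lengths (/Length 5 0 R) are skipped.
STREAM_RE = re.compile(rb"/Length\s+(\d+)\s*>>\s*stream\r?\n")
ENDSTREAM_RE = re.compile(rb"\r?\n?endstream")


def identify_container(data: bytes) -> str:
    """The part of `file`'s verdict that matters here."""
    if data.startswith(PDF_MAGIC):
        return "pdf"
    if data.startswith(JAVA_SER_MAGIC):
        return "java-serialization"
    return "unknown"


def carve_pdf(data: bytes) -> Optional[bytes]:
    """Bytes from the first %PDF- header to the last %%EOF, or None."""
    start = data.find(PDF_MAGIC)
    end = data.rfind(PDF_EOF)
    if start < 0 or end < start:
        return None
    return data[start:end + len(PDF_EOF)]


def stream_length_mismatches(pdf: bytes) -> int:
    """Count streams whose declared /Length no longer lands on 'endstream'.

    Any byte-changing conversion (charset, CRLF) shifts the data, so the
    keyword is not where the stream dictionary says it is.
    """
    bad = 0
    for m in STREAM_RE.finditer(pdf):
        end = m.end() + int(m.group(1))
        if not ENDSTREAM_RE.match(pdf, end):
            bad += 1
    return bad


def triage(data: bytes) -> dict:
    """Summarise what a viewer is about to be handed."""
    report = {
        "container": identify_container(data),
        "pdf_offset": data.find(PDF_MAGIC),
        "has_eof": data.rfind(PDF_EOF) >= 0,
        "utf8_high_fraction": 0.0,
        "stream_length_mismatches": 0,
        "charset_mangled": False,
    }
    pdf = carve_pdf(data)
    if pdf is None:
        return report
    high = sum(1 for b in pdf if b >= 0x80)
    in_runs = sum(len(run) for run in UTF8_RUN.findall(pdf))
    frac = in_runs / high if high else 0.0
    mism = stream_length_mismatches(pdf)
    report["utf8_high_fraction"] = frac
    report["stream_length_mismatches"] = mism
    # Assumed threshold: a binary PDF has high bytes that are *not* valid
    # UTF-8; if nearly all of them are, the file was re-encoded as text.
    report["charset_mangled"] = (high > 0 and frac > 0.9) or mism > 0
    return report


def build_sample_pdf() -> bytes:
    """Constructed minimal PDF: binary comment on line 2, one binary stream."""
    payload = bytes(range(0x80, 0x100))
    return (
        b"%PDF-1.3\n%\xe2\xe3\xcf\xd3\n"
        + b"1 0 obj\n<< /Length " + str(len(payload)).encode() + b" >>\nstream\n"
        + payload + b"\nendstream\nendobj\n"
        + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
    )


if __name__ == "__main__":
    good = build_sample_pdf()
    # Same bytes after a Latin-1 -> UTF-8 "text" conversion in transit.
    mangled = good.decode("latin-1").encode("utf-8")
    # The PDF behind a constructed Java serialization stream header.
    wrapped = JAVA_SER_MAGIC + b"\x73\x72" + good
    for name, blob in (("good", good), ("mangled", mangled), ("wrapped", wrapped)):
        print(name, triage(blob))
```

The carved bytes are what to feed a `--net=none` sandboxed viewer; a non-zero mismatch count on a fresh download means the proxy, not the viewer, is the problem.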
Not sure if this is relevant, but service manuals for cars older than 2014 can be found here: charm.li (no cost and enshification-free).
Also worth noting Brother uses that trick where empty cartridges are detected by a laser which is exactly not positioned as low on the cartridge as it could be, forcing people to toss not-so-empty cartridges.
BTW, regarding the trackers dots I’ll drop a link here for anyone who wants to verify Brother’s role in it:
https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots
Another reason to use inkjets: GHG footprint. Inkjets use far less energy than lasers. It’s a shame we have to choose between ecocide and tricks and traps.
The only no-compromise path I see is to pull an inkjet from the dumpster, fix it, and refill the cartridges with homemade “ink” from spent coffee grounds and tea.
A month ago you would have been wrong. But indeed apparently this just changed:
“Election bets were approved legally just weeks ago, as the 2024 race headed into its home sprint.”
Critics fear the change could scare people away from hospitals in Texas, even though patients are not required to answer the questions to receive medical care.
So here’s a repugnant move by right-wing assholes. Texans: you can counter that shit. If a hospital asks you whether you are in the country legally, instead of saying “yes” the right answer is “I decline to answer”. Don’t give the dicks their stats.
According to BBC World News, the stocks in the US that are expected to do well under Trump are surging. I think those stocks are surely over-valued. Their value will be corrected after Trump loses.
In the US it’s illegal to bet on elections (see update), but betting on the stock market is fair game. I would love it if some short-sellers would exploit this situation.
(update) It’s now legal to bet on elections in the US, as of a few weeks ago
I’ve noticed this problem on infosec.pub as well. If I edit a post and submit, the form is accepted but then the edits are simply scrapped. When I re-review my msg, the edits did not stick. This is a very old Lemmy bug I think going back over a year, but it’s bizarre how it’s non-reproducible. Some instances never have this problem but sdf and infosec trigger this bug unpredictably.
0.19.3 is currently the best Lemmy version but it still has this bug (just as 0.19.5 does). A good remedy would be to install an alternative front end, like alexandrite.
Political parties around the world have flocked to nationbuilder.com for some reason. This tor-hostile Cloudflare site is blocking Tor users from accessing election info. This kind of sloppy lazy web administration is common.
But what’s a bit disturbing is that when I contact a political party to say I cannot reach their page because of the nationbuilder block page, they sound surprised, like it’s the first time they are hearing about web problems. So Tor users are lazy too. That’s the problem.
Question answered in the parent thread:
https://lemmy.sdf.org/comment/15364720
when a server pushes a 403, it still sees the full URL that was attempted.
That’s interesting. It sounds like browsers could be designed smarter. I get “403 Forbidden” chronically in the normal course of web browsing. In principle if a server is going to refuse to serve me, then I want to give the server as little as possible. Shouldn’t Tor browser attempt to reach the landing page of the host first just to check the headers for a 403, then if no 403 proceed to the full URL?
#dataMinimization
I suppose you could even say text-based clients are at a disadvantage because when we opt to render the HTML graphically, a full-blown browser is launched which is likely less hardened than something like whatever profile and engine Thunderbird embeds.
In my case I created a firejailed browser with --net=none so I could hit a certain key binding to launch the neutered browser to render an HTML attachment in a forced-offline context--- but I was too fucking lazy to dig up what keys I bound to that which is why I (almost?) got burnt.
Indeed, but what was logged? Suppose the tracker pixel is something like https://www.website.com/uniqueDirForTracking/b1946ac92492d2347c6235b4d2611184.gif and I visit that URL from Tor. The server at www.website.com can easily log the (useless) Tor IP and timestamp, but does it log the b1946ac92492d2347c6235b4d2611184? I’m not an expert on this which is why I am asking, but with my rough understanding I suspect that transaction might break down to multiple steps:
- a TLS negotiation just with the www.website.com host - if successful, a session cookie may or may not be sent.
- the “document” (“image”) is fetched by an HTTP GET req (using the cookie, if given).
If the negotiation is blocked by the firewall, does the server ever even see the request for b1946ac92492d2347c6235b4d2611184.gif?
cross-posted from: https://lemmy.sdf.org/post/24375297
Tracker pixels are surprisingly commonly used by legitimate senders.. your bank, your insurance company, any company you patronize. These assholes hide a 1-pixel image in HTML that tracks when you open your email and your IP (thus whereabouts).
I use a text-based mail client in part for this reason. But I got sloppy and opened an HTML attachment in a GUI browser without first inspecting the HTML. I inspected the code afterwards. Fuck me, I thought.. a tracker pixel. Then I visited just the hostname in my browser. Got a 403 Forbidden. I was happy to see that.
Can I assume these idiots shot themselves in the foot with a firewall Tor blanket block? Or would the anti-tor firewall be smart enough to make an exception for tracker pixel URLs?
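As an added example (not from the post or any mail client), here is a small Python checker for the "inspect the HTML before opening it" step: it flags remote images that look like open-tracking beacons (1x1 or hidden, or carrying a long opaque token in the URL) so the attachment can be judged before a browser ever fetches anything. The sample HTML is constructed for the demo and only reuses the pixel URL shape quoted above.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real email): one genuine logo, one inline CID image,
# and one hidden 1x1 remote image whose path carries an opaque per-recipient token.
SAMPLE_HTML = """<html><body>
<img src="https://cdn.bank.test/logo.png" width="200" height="60" alt="logo">
<p>Your statement is ready.</p>
<img src="https://www.website.com/uniqueDirForTracking/b1946ac92492d2347c6235b4d2611184.gif"
     width="1" height="1" style="display: none">
<img src="cid:photo@local" width="300" height="200">
</body></html>"""

OPAQUE_TOKEN = re.compile(r"[0-9a-fA-F]{32,}")  # md5/sha-style per-recipient ids


def _dim(value):
    """Numeric part of an HTML/CSS size such as '1' or '1px'; None if absent."""
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None


class _ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag in the document."""
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k: (v or "") for k, v in attrs})


def find_tracker_pixels(html):
    """Return remote <img> tags that look like tracking beacons, with the reasons."""
    parser = _ImgCollector()
    parser.feed(html)
    findings = []
    for img in parser.images:
        url = urlparse(img.get("src", ""))
        if url.scheme not in ("http", "https"):
            continue  # cid:/data: images do not phone home when rendered
        reasons = []
        w, h = _dim(img.get("width")), _dim(img.get("height"))
        if (w is not None and w <= 1) or (h is not None and h <= 1):
            reasons.append("tiny")
        style = re.sub(r"\s+", "", img.get("style", "")).lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden")
        if OPAQUE_TOKEN.search(url.path + "?" + url.query):
            reasons.append("opaque-token")
        if reasons:
            findings.append({"src": img["src"], "host": url.hostname, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_tracker_pixels(SAMPLE_HTML):
        print(f["host"], f["reasons"], f["src"])
```

Any hit means rendering the attachment online would report the open to that host; a plain logo with no token and normal dimensions is not flagged.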
A home insurance policy offers a discount to AAA members. The discount is the same amount as the cost of membership. I so rarely use a car or motorcycle that I would not benefit significantly from a roadside assistance plan. I cycle. But there are other discounts for AAA membership, like restaurant discounts. So my knee-jerk thought was: this is a no-brainer… I’m getting some benefits for free, in effect, so it just makes sense to get the membership.
Then I dug into AAA a bit more. The wiki shows beneficial and harmful things AAA has done. From the wiki, these points stand out to me:
AAA blamed pedestrians for safety problems
“As summarized by historian Peter Norton, "[AAA] and other members of motordom were crafting a new kind of traffic safety effort[. ...] It claimed that pedestrians were just as responsible as motorists for injuries and accidents. It ignored claims defending the historic rights of pedestrians to the streets—in the new motor age, historic precedents were obsolete.”
AAA fights gasoline tax
“Skyrocketing gas prices led AAA to testify before three Congressional committees regarding increased gasoline prices in 2000, and to lobby to prevent Congress from repealing parts of the federal gasoline tax, which would have reduced Highway Trust Fund revenue without guaranteeing consumers any relief from high gas prices.”
AAA fights mass transit
“Despite its work promoting environmental responsibility in the automotive and transportation arenas, AAA's lobbying positions have sometimes been perceived to be hostile to mass transit and environmental interests. In 2006, the Automobile Club of Southern California worked against Prop. 87. The proposition would have established a "$4 billion program to reduce petroleum consumption (in California) by 25 percent, with research and production incentives for alternative energy, alternative energy vehicles, energy efficient technologies, and for education and training."”
(edit) AAA fights for more roads and fought against the Clean Air Act
Daniel Becker, director of Sierra Club's global warming and energy program, described AAA as "a lobbyist for more roads, more pollution, and more gas guzzling."[86] He observed that among other lobbying activities, AAA issued a press release critical of the Clean Air Act, stating that it would "threaten the personal mobility of millions of Americans and jeopardize needed funds for new highway construction and safety improvements."[86] "AAA spokespeople have criticized open-space measures and opposed U.S. EPA restrictions on smog, soot, and tailpipe emissions."[87] "The club spent years battling stricter vehicle-emissions standards in Maryland, whose air, because of emissions and pollution from states upwind, is among the nation's worst."[88] As of 2017, AAA continues to lobby against public transportation projects.
Even though the roadside assistance is useless to me, the AAA membership comes with 2 more memberships. So I could give memberships to 2 family members and they would benefit from it. But it seems I need to drop this idea. AAA seems overall doing more harm than good.
AAA is a *federation*:
It’s interesting to realize that AAA is not a single org. It is a federation of many clubs. Some states have more than one AAA club. This complicates the decision a bit because who is to say that specific club X in state Y spent money fighting the gas tax or fighting mass transit? Is it fair to say all clubs feed money to the top where federal lobbying happens?
(edit) And doesn’t it seem foolish to oppose mass transit even from the selfish car driver standpoint? If you drive a car, other cars are in your way slowing you down and also increasing your chances of simultaneously occupying the same space (crash). Surely you would benefit from others switching from car to public transport to give you more road space. It seems to me the anti mass transit move is AAA looking after its own interest in having more members paying dues.
Will AAA go the direction of the NRA?
Most people know the NRA today as an evil anti gun control anti safety right wing org. It was not always that way. The NRA used to be a genuine force of good. It used to truly advocate for gun safety. Then they became hyper politicized and perversely fought for gun owner rights to the extreme extent of opposing gun safety. I wonder if AAA might take the same extreme direction as NRA, as urban planners increasingly come to their senses and start to realize cars are not good for us. Instead of being a force of safety, AAA will likely evolve into an anti safety org in the face of safer-than-cars means of transport. (Maybe someone should start a counter org called “Safer than Cars Alliance” or “Better than Cars Alliance”)
I also noticed most AAA clubs’ websites block Tor. So the lack of privacy respect just made my decision to nix them even easier.
An insurance agent who I called on the phone for a quote demanded my email address. I resisted, said he could have my fax number instead. He said the form he is filling out in order to get me a quote will not move forward without an email address. I got the impression this was not a requirement of the agent but rather the underwriting company, which means no matter which agent sells me the policy it’s impossible to get insurance from that underwriter without an email address. I would be denied insurance with this underwriter had I not supplied an email address in a phone conversation. They assume if you have access to a phone line, you have email.
So I gave him a disposable. This is still not an okay solution. The quote he sent by email traversed Microsoft servers and contained sensitive information without encryption. It doesn’t matter that MS did not get my real email address considering they still got lots of personal info about me from the quote.
It’s also interesting to note that mortgage lenders require borrowers to always have homeowner’s insurance. So I will dream about pulling this activist move: drop the insurance after securing a mortgage, tell the bank “I cannot get insurance because I don’t have an email address”. Insurance companies tend to refuse to sell policies to someone who is not the beneficiary of the policy, so the bank would not be able to insure the home on their side. I would just love to see that shitshow play out. If anyone wants to drop their homeowners insurance for any reason, this might be your best defense for doing so.
Funnily enough, the insurer offers a “paperless discount”, which means they actually have a paper-sending service for those who are not paperless. Yet everyone must have an email address before they even get a quote.
OSMand used to only crash 1 or 2 times per trip. It was usable enough. Now recently something changed with my config somehow and it shows extreme detail no matter how zoomed out I am. Every tiny street is being rendered. This is killing the app. It crashes so chronically it’s unusable.
Anyone know how to control this?
In “configure map” I have disabled everything except cycling routes. The “details” shows 0/9, which apparently only configures objects, not street details.
(edit) I think the “map magnifier” might be the issue. It was at 25% (the lowest), which I would intuitively think means less road detail. But it’s apparently counter-intuitive. I chose 100% and I seem to get less map detail -- which is what I need because the more detail, the more crashes. So I might have solved this.. need to experiment.
Disney has asked a Florida court to dismiss a wrongful death lawsuit filed earlier this year regarding a woman who passed away due to anaphylaxis after a meal at Disney Springs, citing an arbitration waiver in the terms and conditions for Disney+. Disney Springs Wrongful Death Lawsuit Update
This is crazy. Disney is claiming that a wrongful death lawsuit cannot go forward (paraphrasing):
“sorry, your husband signed up to a Disney+ trial a couple of years ago, hence they accepted T&Cs that clearly stated that any dispute about our products should go through arbitration rather than through courts”.
Even if a consumer carefully reads the terms and conditions, how could they reasonably expect the ToS for a video game would affect the terms they are under at a Disney restaurant? That’s fucking nuts.
Future parents: “sorry kids, you cannot play that video game because there is an arbitration clause and one day you might want to visit Disney’s amusement parks.”
I’ve boycotted Disney for over a decade because of how conservative the corp is and how right-wing extremist they are with politics. IIRC Disney financed the campaign of a politician looking to eliminate background checks on firearms. Indeed, the company who entertains kids is happy to fight against basic gun control. So when Disney pulls a dick move like this arbitration clause it just reinforces the idea that boycotting Disney is the right move.
(edit) wow the ups and downs of the votes are interesting. ATM 9 up & 9 down. Can’t help but wonder who are these anti-human people who are happy to lick the corporate boots of Disney.. capitalist fanatics disappointed that people would object to arbitration clauses perversely applied so broadly? I have to wonder if loyal Disney employees are following this thread.
This is what my fetchmail log looks like today (UIDs and domains obfuscated):
fetchmail: starting fetchmail 6.4.37 daemon
fetchmail: Server certificate verification error: self-signed certificate in certificate chain
fetchmail: Missing trust anchor certificate: /C=US/O=Let's Encrypt/CN=R3
fetchmail: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page. See README.SSL for details.
fetchmail: OpenSSL reported: error:0A000086:SSL routines::certificate verify failed
fetchmail: server4.com: SSL connection failed.
fetchmail: socket error while fetching from user4@server4.com@server4.com
fetchmail: Query status=2 (SOCKET)
fetchmail: Server certificate verification error: self-signed certificate in certificate chain
fetchmail: Missing trust anchor certificate: /C=US/O=Let's Encrypt/CN=R3
fetchmail: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page. See README.SSL for details.
fetchmail: OpenSSL reported: error:0A000086:SSL routines::certificate verify failed
fetchmail: server3.com: SSL connection failed.
fetchmail: socket error while fetching from user3@server3.com@server3.com
fetchmail: Server certificate verification error: self-signed certificate in certificate chain
fetchmail: Missing trust anchor certificate: /C=US/O=Let's Encrypt/CN=R3
fetchmail: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page. See README.SSL for details.
fetchmail: OpenSSL reported: error:0A000086:SSL routines::certificate verify failed
fetchmail: server2.com: SSL connection failed.
fetchmail: socket error while fetching from user2@server2.com@server2.com
fetchmail: Query status=2 (SOCKET)
fetchmail: Server certificate verification error: self-signed certificate in certificate chain
fetchmail: Missing trust anchor certificate: /C=US/O=Let's Encrypt/CN=R3
fetchmail: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page. See README.SSL for details.
fetchmail: OpenSSL reported: error:0A000086:SSL routines::certificate verify failed
fetchmail: server1.com: SSL connection failed.
fetchmail: socket error while fetching from user1@server1.com@server1.com
fetchmail: Query status=2 (SOCKET)
In principle I should be able to report the exit node somewhere. But I don’t even know how I can determine which exit node is the culprit. Running nyx just shows some of the circuits (guard, middle, exit) but I seem to have no way of associating those circuits with fetchmail’s traffic.
Anyone know how to track which exit node is used for various sessions? I could of course pin an exit node to a domain, then I would know it, but that loses the benefit of random selection.
And if you try to visit the archive¹, that’s also fucked.
Not sure who these people are.. maybe they are actually watchdogs in opposition to open data.
¹ https://web.archive.org/web/20240925081816/https://www.opendatawatch.com/