Technology will make your life easier

Me again.
I am an idiot.
Got an email from abuse@myhoster, that someone had notified them I was leaking… … a gitlab access token which allowed reading the list of projects on my gitlab and allowed read access to all of them :frowning: Some of them had data I should never have put on a gitlab on the internet.

Why?
I point back at line 2 of this post.

Just saying, the more you know, the more you can fuck up. I’ll spare you the details but from now on I will:

  • only use access tokens with an expiration date in the next few months
  • use project specific access tokens
  • only give read_repository access to the tokens, I will never need anything else.
  • no longer put the equivalents of passwords on my gitlab.

I want to point to line 2 once again.
:grimacing: :confounded: :persevere:

edit: also traefik 2.10 doesn’t do wildcard certificates the same way 2.9 does or maybe not at all. additional 5 hours of debugging while my mailserver broke. thanks.

7 Likes
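As an added example (not part of the original post): a small Python audit that applies the first three token rules from the list above to a set of token records. The `name`, `scopes`, `expires_at` and `revoked` fields follow GitLab's token API JSON; the `kind` field, the 90-day reading of "the next few months" and the sample tokens are assumptions constructed for illustration.

```python
from datetime import date, timedelta

MAX_LIFETIME = timedelta(days=90)      # assumption: "next few months" read as 90 days
ALLOWED_SCOPES = {"read_repository"}   # the only scope the post says is needed

def audit_token(tok, today):
    """Return the list of rule violations for one token record."""
    if tok.get("revoked"):
        return []                      # revoked tokens can no longer be used
    problems = []
    expires = tok.get("expires_at")
    if expires is None:
        problems.append("no expiration date")
    elif date.fromisoformat(expires) - today > MAX_LIFETIME:
        problems.append(f"expires too far out ({expires})")
    extra = set(tok.get("scopes", [])) - ALLOWED_SCOPES
    if extra:
        problems.append("extra scopes: " + ", ".join(sorted(extra)))
    # 'kind' is a hypothetical field recording which endpoint the token came from
    if tok.get("kind") != "project":
        problems.append("not a project access token")
    return problems

def audit(tokens, today):
    """Map token name -> violations, listing only tokens that break a rule."""
    return {t["name"]: p for t in tokens if (p := audit_token(t, today))}

# Constructed sample records, not real tokens.
TODAY = date(2024, 1, 15)
SAMPLE_TOKENS = [
    {"name": "ci-deploy", "kind": "personal", "scopes": ["api"],
     "expires_at": None, "revoked": False},
    {"name": "backup-mirror", "kind": "project", "scopes": ["read_repository"],
     "expires_at": "2024-03-01", "revoked": False},
    {"name": "old-laptop", "kind": "personal", "scopes": ["api", "write_repository"],
     "expires_at": None, "revoked": True},
    {"name": "docs-sync", "kind": "project", "scopes": ["read_repository", "read_api"],
     "expires_at": "2025-01-15", "revoked": False},
]

if __name__ == "__main__":
    for name, problems in audit(SAMPLE_TOKENS, TODAY).items():
        print(f"{name}: {'; '.join(problems)}")
```
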

I feel a lot better now: Big companies do the same stupid things I do:

4 Likes

“And you are?”
“A car company.”
“And you are not?”
“A computer security company.”

But they’ll still rush to implement remote keys and starters with replay attacks…

2 Likes

British Gas rang on Thursday to “arrange my smart meter fitting.” I don’t want one. They tried to argue there was zero risk of hacking, but the claim that the mobile phone network, which is used for remote reading, “is not radio” rather spoilt their case.

3 Likes

Eon keep trying to push me to get one. I’ve told them multiple times that I don’t own the flat and (if my landlord said it was fine) I have no access to the meters, so wouldn’t be able to have them install it. But they still keep sending me letters and emails about it.

I’m doubly skeptical that it would even work as the meter cupboard is just off the building lobby and you get almost no signal in there.

2 Likes

There’s a government target for adoption which is nowhere near being reached, so they’re getting a bit desperate. (And of course once you have the thing you can never get rid of it.)

Next time they claim there’s no risk of hacking, I’ll ask about the liability they assume. That should get rid of them for a while. “Smart Meters” are a typical political “doing something” that won’t help significantly.

As a consumer, assuming everything works as designed:

  • I can have the rate I pay adjusted up and down every hour without my being informed.
  • I can have my electricity cut off individually when demand is high (rather than at the whole substation level), because people on the priority register e.g. relying on oxygen generators to stay alive can have their meters tagged as such and excluded from the shutdown. So power cuts become easier for the gridco to implement.
  • I can pay a third party to pay the powerco to get access to my metering data. I can’t connect to the meter and get the data directly. If something goes wrong with the reporting, I have no recourse; the powerco is right.
  • I can have a pile of e-waste every few years when I need to pay to get a new one that supports the new mobile data protocol. (Modular? What’s that?)

And yet it’s sold as “this will help you to save money”.

4 Likes

If it’s “no cost to you”, they actually mean, “no (immediate financial) cost to you”

2 Likes

It’s interesting to me that they even ask for permission… here in Colorado everything is corporate, so they just changed ours, and then told us that they changed it after it was already done :thinking:

They need to get into the house to do it. They have the right to enter by force for safety purposes, but not for this.

Also, if they don’t give people the option, and there’s a problem, they’re on the hook for consequent damage.

1 Like

Around here, the electrical company has made them entirely optional. You can opt not to allow them to install one, at which point the utility opts not to have you as a customer. Few (quite possibly none) of the utility deployed meters in the US talk over cellular, they use a couple of specialized networks that exist so smart meters can talk to each other. I rather expect the security on them is, er, poor.

1 Like

and after a couple days of running. my webmailer broke again. :sob:

if only I could ragequit email. forever.

2 Likes

What’s wrong with this advertisement?

11 Likes

I hope the QR code is for something else……

4 Likes

I want someone to set up a web page which says “What did we just tell you?!”, make stickers with QR code for that, and then replace the codes on these adverts.

8 Likes

“We’ll just roll our own date library to work on this embedded system, what could go wrong?”

13 Likes

The other week I spent about an hour trying to output a date with the current java date formatting library. My colleague was almost falling from his chair after my sixth attempt led nowhere and I reverted to SimpleDateFormat…

Also our best bug yet was related to Austria having a different switchover to daylight savings sometime in the 80s. Try to find that one.

Dates…

4 Likes

Also. I spent some time this weekend to get plex onto our new homeserver… and when I succeeded in mounting the samba shares from our NAS only a few movies and shows showed up in the library. My partner had failed to read up on plex capabilities: it cannot play ISO images. Because our NAS is full of backups of his DVD/Bluray collection.

And the internet is filled with articles about how converting ISO is the only way to play the movies on plex and my partner spent months backing up his movie collection precisely to get the ISO images to preserve the original as much as possible.

Well, since Plex is the first website I came across that keeps telling me I need to enable web-drm in my browser I am not all that mad that we’re probably not keeping it.

2 Likes

“I don’t have to, I use tz.”

(Yes, I know, lots of reasons not to, but none of them is good enough to overcome the sheer size of the classes of bug that disappear when you do. :slight_smile: )

4 Likes