Intro This post explores the option of using GrapheneOS as an alternative to iOS and Android. The main motivator is the ongoing privacy debate that has gained even more traction as Apple announced their child sexual abuse material (CSAM) protection system. Hear what privacy advocate Matthew Green thinks about CSAM on CNBC. The question I want to answer in this post is: Is there a viable alternative to iOS and Android for me that values privacy?...
tl;dr Upgrade kernel to 5.13 & upgrade linux-firmware. Basically, everything works out of the box when installing a vanilla Ubuntu 20.04 (LTS) on the Lenovo Thinkpad X1 Gen9 🤘. However, the fan control is not optimal which leads to fan noise and slightly higher chipset temperatures. This issue can be addressed by upgrading the kernel and related firmware: Upgrade Bios to v1.44 (N32ET68W): use fwupdmgr or manually upgrade from Lenovo’s bootable ISO (n32ur09w....
Recently, I have been working on a new evening/weekend project that I would like to share as it might be useful to others as well. tl;dr distributey acts as intermediary between a key consumer and a key service. It receives requests from the key consumer, fetches the key material from the key service and sends back JWE-wrapped (RFC7516) responses. Why does distributey (say “duh·stri·byoot·i”) exist? Particularly in enterprises, key material is often generated on-premises for compliance & security reasons....
TL; DR: Use MSAL and OAuth ROPC with scope 499b84ac-1321-427f-aa17-267ca6975798/user_impersonation. Microsoft’s Graph API (MS Graph) [1] is a convenient way to access a vast amount of Azure data programmatically. Its use is straight forward and generally speaking painless. However, there are still many Azure services APIs that haven’t been integrated, such as the Azure DevOps API (AZ DevOps) [2]. The AZ DevOps API originates from the Team Foundation Server (TFS) which had its API designed long before MS Graph....
Recently, I ran into the situation where I needed a piece of software, running inside a corporate network, to communicate with a backend service on the internet. The challenge was that, in order to reach the internet, the communication had to go through a forward proxy. However, the software did not have built-in proxy support. This post addresses some options to solve that problem, although not all of them in the same depth....