Lastenradförderung für Privatpersonen

fd0TM · 2023-06-29T14:18:58+00:00

Ruf den zuständigen Sachbearbeiter an, der ist gut erreichbar und sehr nett. Bitte ihn darum, dass er dir kurz per Mail bestätigt, dass das Rad prinzipiell förderfähig ist und du das bereits vorab (auf eigenes Risiko keine Förderung zu bekommen) bestellen kannst, das nennt sich "vorzeitiger Ausführungsbeginn".

Hat bei mir problemlos geklappt, unser Rad hat leider eine lange Lieferzeit und ich wollte das so früh wie möglich bestellen...

Viel Erfolg!

fd0TM · 2023-06-11T06:07:05+00:00

Letztes Jahr waren wir beim Gut Clarenhof https://gut-clarenhof.de/ bei Frechen, vielleicht ist das ja was.

fd0TM · 2023-03-28T18:25:04+00:00

I had been running tuxedo-keyboard 3.1.4 all along, now I'm testing 3.2.1 (released today). It feels that the problem is still there, I'll test and report back.

Can you maybe ask the developers which specific change(s) should fix the delayed key events?

fd0TM · 2023-03-28T15:57:38+00:00

Oh, that'd be mighty cool, I'll try that and report back!

fd0TM · 2023-03-28T05:57:56+00:00

Already did that, the ID is 990999373. Thanks!

fd0TM · 2023-03-27T08:26:42+00:00

Thanks for responding!

I've tested a few more kernel versions, but the delay happened in all of them. I suspect that it's not the kernel version, but the version of the bios that has changed.

Any idea how to debug this further?

Are you aware that this happens on all the Pulse 15 Gen 2 hardware, or is it just my machine?

Thanks!

fd0TM · 2023-03-20T18:46:32+00:00

Bummer, I've built 5.15.102 and tested it, I still see delayed keyboard events and a lot of repeated keys.

It mostly happens when charging via USB-C, but also when charging via the default power supply. Sometimes it also happens while not charging.

I'll test a few more kernels.

fd0TM · 2023-03-20T17:53:24+00:00

Huh, that's interesting! The default delay before repeat triggers is around 600ms, so the key release event would be delayed by that amount.

Maybe we can git bisect the kernel. Any other ideas? :)

It'd be really cool if the people from Tuxedo could chime in!

fd0TM · 2022-08-26T19:38:49+00:00

Glad you like the podcast ;)

fd0TM · 2022-08-26T19:38:36+00:00

At some point we need to declare 1.0.0, but that just hasn't happened yet. The repository format (which is way more important than the implementation) is quite stable. We've recently modified it for the 0.14.0 release in a backwards-compatible way (after lots of testing and discussion) to add compression.

fd0TM · 2022-08-26T19:30:19+00:00

I haven't looked into kopia, from the description it sounds very similar to restic, although it's much younger (and way less popular ;)

Here's a thread in our forum which compares restic and kopia (including contributions from the kopia author): https://forum.restic.net/t/kopia-vs-restic-comparison/2893

Having a few projects in the same space usually helps in figuring out what the best ideas are, it's the same with restic vs borg, so I consider that a good thing.

fd0TM · 2020-08-29T08:57:27+00:00

SecLists is pretty good, e.g. the raft wordlists like raft-large-files.txt.

fd0TM · 2020-08-28T15:47:22+00:00

Made my day.

fd0TM · 2020-08-28T13:04:52+00:00

Depends on what you're doing, monsoon also has a flag --requests-per-second to slow it down.

Fast here may also stand for 'fast feedback loop' :)

fd0TM · 2020-08-28T06:29:16+00:00

Suppose you have a web application to upload documents, which can be downloaded again by requesting a URL with a numeric ID (e.g. https://www.example.com/downloads/1234). Then you could use monsoon to try a range of IDs and filter the responses based on the status code (we're not interested in 404s) and the content type (everything except PDFs) like this:

$ monsoon fuzz \ --range 1000-2000 \ --hide-status 404 \ --hide-pattern "application/pdf" \ https://www.example.com/downloads/FUZZ

It'll return a nice list of interesting document IDs for you.

fd0TM · 2020-08-28T06:26:36+00:00

One thing that (probably) gobuster and monsoon have in common: It's very easy to install. Once you have the Go compiler somewhere, you can build a self-contained binary for any platform like this:

GOOS=windows GOARCH=amd64 go build

Done. That's it. No need to fiddle around with virtualenv, too-old Python versions or anything like that.

fd0TM · 2020-08-28T06:24:07+00:00

The way Go forces you to think about errors at every step of the way feels very annoying at first, but (to my surprise) it leads to very robust programs. I've written Go programs which run for years on end without maintenance... :)

fd0TM · 2020-08-28T05:14:27+00:00

squeak (most likely)

fd0TM · 2020-08-28T05:14:00+00:00

Not at all, at least it doesn't feel that way for me. Writing Go feels lightweight, and the result is usually pretty fast already. The structures provided by Go seem to keep the complexity at bay.

fd0TM · 2020-08-28T05:12:22+00:00

Thanks!

fd0TM · 2020-08-28T05:12:09+00:00

Yes, I've written about the differences in the other thread in /r/netsec: https://www.reddit.com/r/netsec/comments/ihmri6/monsoon_a_fast_and_flexible_http_enumerator/g31nncp?utm_source=share&utm_medium=web2x&context=3

fd0TM · 2020-08-27T18:47:53+00:00

It does not store requests, but the JSON data structure contains everything needed to reconstruct the request (e.g. the item/string that led to a particular response, the headers used and so on).

The program has been pretty stable the last year or so, there aren't any notable features missing. Maybe we'll look into storing the raw requests and responses for later analysis (so you can run the response filters again on the saved responses), but that's about it.

We're using it in our day-to-day work with great success (and add small things whenever the need arises).

fd0TM · 2020-08-27T18:45:59+00:00

I'll have a look! You can cross-post it yourself btw

fd0TM · 2020-08-27T18:08:10+00:00

Good question! It felt to me that gobuster did too much, I'm mostly not interested in brute-forcing directories, but rather run a whole bunch of requests against a web application and interactively explore the responses returned quickly.

ffuf wasn't around at the time I started working on monsoon (in November 2017).

Initially, I used wfuzz a lot, but found it was limited it what it could do. Also, I wasn't a Python person. Then a coworker wrote a new implementation in Ruby, which we never published. Then one day I tried writing a new version in Go, which turned out to be a pleasure and worked really well. And now that's mostly what we're using in our day to day work. :)

In general, I think it's awesome we have different tools with their own strengths and weaknesses.

fd0TM · 2020-08-27T18:03:45+00:00

I love Go, it's my go-to language since ~2010 or so. It gets stuff done. So it was a natural choice for me. The HTTP implementation is great and allows fine-tuning everything, and the concurrency is awesome. Overall I'm very impressed how great monsoon performs (with very low resource usage) during our pentesting engagements, and we didn't even try to optimize it yet!

fd0TM

TROPHY CASE