1PW just generated this for me: mimp-rort-jan-mon-kain-sqin

Not as much entropy as 24 random letters/digit/punctuations/capitalisation. But (for me at least) much easier to read end type in situations where copy/paste isn't available (like from my phone to my dev docker containers)

Once you have a Yubikey (preferably two, so you have a backup if you damage/lose one) - you may as well make _that_ your primary MFA method, and only use TOTP for services you can't enrol your Yubikeys on.

I would want to read and perhaps get legal advice before relying on that interpretation - and before finding I signed over rights to my landlord to make candid porn of me and all his other tenants.

1) What's a reasonable Pixel phone to buy to try out GrapheneOS? Is a 128GB Pixel 7 "good enough" or will I get a significantly better experience with a newer phone and/or more storage?

2) Is there a Graphene alternative that would let me de-google an Samsung A12? Back in the day I had some Galaxy S3 and S4 phones that I installed Lineage on, I have no idea if that's compatible to Graphene and/or still a going thing?

(And then, of course, the plumber gets VC money to expand the business and the drain fix becomes a drain fix subscription, and if you cancel or your credit card expires all your drains instantly block back up again.)

I'm not trying to say "greybeards are better" or "younger developers don't understand fundamentals" - it's more that the learned/ingrained abstractions those two types of developers start from are very very different. People who were familiar with concepts like the 6502's zero page where you get faster performance because you can use 8 bit addressing to access the first 256 _bytes_ of memory, end up with different mental tools and thinking than, say, people who started out their development learning about asynchronous callbacks and promises. One isn't better or worse than the other - but they are very very different.

(Even today's "tiny" CPUs are commonly 32 bit multi core SOCs. ESP32 kinda took over what used to be done with 8bit atmel Arduino class CPUs)

Now with a 6bil market cap is seems.

https://news.ycombinator.com/item?id=8863

(Apologies to BrandonM for reminding everybody...)

Like poet/warrior/advisor that convinces the King to give them one grain of rice on the first square of the chessboard, two grains of rice on the second square, four grains of on the third square, eight on the fourth - and so on, doubling the number of grains each square until the 64th square. The King can no more deliver 2^64 grains of rice that PG's founder keep her 93% growth rate consistent for 64 months (or even the calculated 9.5 months to make her a billionaire).

Yes, it's true that a very few tech startup founders create billion dollar wealth by "making what the people want" - but anybody trying to tell you the naive compound interest math makes it inevitable, is trying to sell you something (like perhaps their companies startup accelerator program or venture capital investment opportunities).

I wonder if someone's trying to work out if they can keep GCP alive when there's no ram or cpu to be bought at any price because the AI companies (including the AI division in Google) and Nvidea have completely broken commodity compute hardware supply chains?

Is there anything that typically _requires_ vendor blobs to let a phone run as a usb ethernet connected linux-ish node? So no camera, screen/touchscreen, wifi/bt/cellular radios, gps, nfc/rfid, or stuff like that?

I know RasPi relies or (or perhaps used to rely on?) some Broadcomm blog to boot - from memory something to do with getting the GPU to boot/configure before booting the cpu(s). I could easily see Samsung or Huawei intentionally building something like that - or ending up like that because the rushed and half assed the design and engineering.

Back when I was on Twitter and following a lot of infosec accounts, it was quite common to see tweets that were just a hash. Sometimes they'd have an explanation "Zero click RCE in Android 10 - {hash}"

In the past I've used gmail for this internally - email a hash of something critical (logs, configurations, decision docs, etc) to a dedicated gmail account - relying on the in feasibility of "faking" the date/time once it's onb Google's servers.

The important thing here would be to make sure those hashes are published somewhere where its technically infeasible for the police to change it after the fact, so not on a platform the police run or p-aid for (or that is run or paid for by an organization that the police can request or coerce the operators to make changes).

(And _now_ I'm wondering how hard it'd be to forkbomb their agentic workflow?)

http://www.cypherspace.org/adam/uk-shirt.html

A t-shirt with a Perl script that implemented RSA encryption strong enough to be technically illegal to export from the US.

(I must sadly admit to being too cowardly/sensible to have taken that shirt to the US in the late 90s...)

Not impossible, but it feels pretty unlikely that'd work inside the enclosure of a typical ALPR camera and at the distances devices would typically be away from them. Not without national security or military budgets at least. (Although perhaps that have that kind of budget? I mean one insular and NIMBY tech billionaire could pay for that in their San Francisco neighborhood. Possible already has, perhaps that where this company came from?)

On the other hand, I'd bet for under $10 you could build something with an ESP32 and a battery and solar panel that could spoof signals these things will believe all day.

I'd start with transmitting signals with MAC vendor prefixes identifying Axon Tasers and Bodycams. Make it look like there's thousands of cops going past every day.

I'd love it if someone managed to get a bluetooth and wifi sniffer close enough to the CEO of Flock and publish that fingerprint. Or sneak a sniffer into a Flock board meeting and sniff out all the board members and c suite's devices. Or a meeting of local politicians and cops who're supporting and paying for this. I mean, that can't possibly be illegal or even wrong, if they're doing it wholesale, right?