Cake day: July 9th, 2023
  • It’s a question of security risk profiles.

    Security ultimately oftentimes comes with a tradeoff for user experience or privacy.

    How do device integrity checks materially affect the security posture for theft when considering this system? Presumably the security checks for remotely unlocking a car are based around credentials and authN/authZ for the unlock service call?

    Enforcing client side security has entered the picture recently, but a lot of it comes from security checklists from people saying did you add this check? Sure adding a device integrity check may stop at least one malicious actor, but is it worth the cost? To most companies, they’re going to say they don’t understand or care about the impact.

    They could just go back to key fobs since those can’t run arbitrary code.


  • Accurate time is really important for computers for a lot of reasons.

    Cell towers divide time into slots that different phones each get time in. If your time isn’t precise you might speed up or slow down which causes a slot to get a smaller or larger amount of time causing collisions. Handoffs between different towers need accurate timing to know exactly when one tower should release control of a handset.

    NTP uses something called stratums. Basically stratum 0 is an atomic clock, stratum 1 is a device that talks to an atomic clock, but internally has its own time keeping. Then all the NTP servers most people actually use are stratum 2+. Not only that, the Internet adds a ton of jitter because of how unreliable and unpredictable it is.

    GPS satellites have atomic clocks on them making them stratum 0. They directly transmit that time. Thus receivers can become stratum 1 and have a very controllable, low jitter time source. Internet NTP isn’t precise enough. This kind of stuff requires microsecond precision.

  • Surveillance pricing usually makes people think per-person pricing, but the law goes further than just that.

    I worked on an electronic shelf label project at a (now defunct) retail project. I’m less worried about them trying to target prices per user while in a store because there are some difficult hardware and software challenges trying to show a price to one person (like what if two people are looking at it). Showing a per-user price per app is trivial. There are also laws in most states that require you to pay the price shown on the price tag, and trying to target per person risks failing that, though that depends on state enforcement. The system I worked at linked the prices to the point of sale system to ensure you paid the lowest price shown on any price tag in the last few hours (though that was company policy to make complying with the law easier).

    What I am worried about is prices dynamically changing based on micro trends like water getting more expensive on warm days. Some people might say that increased prices mean increased supply to meet that demand, but the real risk is retailers being able to micro optimize prices to better capture consumer surplus as profits. A consumer is unprepared for that and the consumer will not benefit.


  • 15.0 adds support for OIDC tokens being handed to Actions workflows compatible with GitHub Actions. I was excited to upgrade because I wanted to continue doing cosign Docker image signing, but then I found out that the Cosign transparency log doesn’t support Forgejo. Looks like I need an alternative.

    My next biggest problem is the Actions workflow itself. I set up Docker in Docker, but it turns out there’s a bit of work in preparing the runners to be on par with what I used on GitHub.

    Otherwise, I’ve found Forgejo to be quite good and almost all my private repos are moved over.


  • I use the HA Voice Preview in two different rooms and got rid of my Alexa Dots. I’ve been trying both speech-to-phrase and whisper with medium.en running on the GPU for STT, and tried llama3.2 and granite4 for the LLM with local command handling.

    I’ve been trying to get it working better, but it’s been a struggle. The wake word responds to me, but not my girlfriend’s voice. I try setting timers, and it says done, but never triggers the timer.

    I’d love to improve operating performance of my assistant, but want to know what options work well for others. I’ve been experimenting with an intermediary STT proxy to send it to both whisper and speech-to-phrase to see which one has more confidence.

  • I’d love for my HA Voice Preview to be sufficient to replace my Alexa/Google devices. I even unplugged my Alexa devices. However, it’s been rough going for me. It never responds to my girlfriend speaking the wake word and doesn’t set timers. There are a number of knobs that define how well it works, including the physical hardware (there’s obviously the Voice Preview, but also some community made versions with better mics), wake word model, conversation LLM model and the speech to text model (whisper vs speech-to-phrase). If it works well for you, can you share the configuration you’re using?

  • I thought this was using SDKs embedded in apps and advertising platforms. This is a different threat model. You need to block ads and prefer using websites instead of apps which have more access to device info like the advertising ID.

    If you’ve got an Android, go to Settings, search for ads, and find the advertising ID and delete the ID. It’s a stable identifier that can be used to identify your phone.

    Switch to more private browsers like Firefox for Mobile and install uBlock Origin.

    EDIT: I’m not saying this will protect you against IMSI catchers or tower-based dragnets. In addition to not bringing your phone, when you do go home you need an entirely different set of tools to protect yourself.