It was purchased by Epic Games a year ago, who recently sold it to Songtradr, a licensing platform for background/‘mood’ music. Songtradr only retained 50% of existing Bandcamp staff (the rest were laid off a few weeks after the sale AFAICT, with the worst affected departments including Bandcamp’s editorial team and customer support. Epic Games handled the severance package, for some reason.)

People are pretty upset about the editorial team being laid off because it provided exposure for smaller/niche artists in a weekly publication. I’ve never checked it out personally checked it out because I never knew it existed - wishing I had now

Such a large layoff so quickly by the new owner feels like a sign of darker times ahead for Bandcamp IMO, seeing that it’s apparently been profitable since 2012 (Wayback link, new owners have nuked this from the site?). No need to milk the cow even more when the bucket is full…

In the day and age of streaming sercices like Spotify, record labels/companies like Sony Music etc should not exist IMO.

Back when people purchased their music from brick and mortar stores on vinyls, cassettes, and CDs, they had a place to facilitate a relationship with distributors etc to get your music on the shelves, handle marketing and a bunch of other stuff. Nowadays, this all can be done digitally, independently.

Edit: clarify record label

R.I.P. Bandcamp

I miss seeing the “Macromedia Shockwave” loading screen when firing up online games on Win 98 back in the day 😢

It kinda depends on the setup I think, especially when vlans and firewalls are involved, you’d likely need additional payloads to make further progress in that kind of environment IMO. Something granting persistent remote access to the compromised machine would be the most ideal option.

As always physical access is pretty much game over though lol.

My cams are only accessible via an authenticated endpoint hosted on a dedicated machine, which acts as a “bridge” between the VLAN that the cameras are on (no internet access), and another VLAN hosting internal services, like home assistant, plex etc.

Aside from physical access, the only way to access the cams (that I can think of) would be via some exploit in Home Assistant, or by brute forcing the password to (any of) my network switches to access the management VLAN, changing the VLAN the cameras are set on to something else (bypassing the routing, firewall setup, and auth “bridge” entirely). Or maybe just exploiting the bridge machine directly and dropping a payload to forward the cams out to the net via the services VLAN

With physical access, you could chop up the PoE for an external camera and using that as an ingress point - but you’d only have access to the cameras and the bridge machine unless you exploited that too. At this point the zabbix client on the bridge machine would have notified me that a camera’s dropped off the network, unless you dropped a payload to force it to return a good status lol

Does sound like a very fun exercise though tbh

Seems like a smart strategy, sounds a lot like a bus but just automated and much smaller in size, particularly running through residential areas that are typically seen as not worth transport investment.

The minivans are probably much easier to climb into (for injured or impaired individuals) compared to an SUV which may have an unnecessarilly high ride height and a door that doesn’t slide across for extra room

Mic drop

Dang, that thing is the bees knees!

Would make more sense to replace just the batteries rather than the whole unit IMO. Looks like it takes standard 12v 7Ah sealed lead acid batteries, so should be doable for under $120 (if you buy them individually and use the existing battery harness)

I have three other UPSes, but none of them are as good as yours lol:

• APC SUA1500RM2U - was a great online rackmount unit, stopped using this a few years back because of its tendency to overcharge batteries without a charge controller ADC calibration mod. It wrecked my last battery pack bad 😭 plan to convert it to LiFePo4 and put it back into service 🤞
• Zigor Ebro - cheap and cheerful line-interactive UPS for the modem, network switch and CCTV cameras. Switchover time is pretty much instantaneous, worth every cent paid and has kept my network up through many outages
• Cyberpower UT650 - A temporary offline UPS to hold the server gear specifically until I get the APC back in service. Honestly not worth the cheap price, the switchover delay is long enough to shut off anything that’s not a server PSU with massive bulk capacitors

Edit: fix bullet list formatting

@[email protected]

Flash drive hidden under the carpet and connected via a USB extension, holding the decryption keys - threat model is a robber making off with the hard drives and gear, where the data just needs to be useless or inaccessible to others.

There’s a script in the initramfs which looks for the flash drive, and passes the decryption key on it to cryptsetup, which then kicks off the rest of the boot mounting the filesystems underneath the luks

I could technically remove the flash drive after boot as the system is on a UPS, but I like the ability to reboot remotely without too much hassle.

What I’d like to do in future would be to implement something more robust with a hardware device requiring 2FA. I’m not familiar with low level hardware security at all though, so the current setup will do fine for the time being!

Free real estate 😂

I’m in the same boat as @[email protected], lab has been nice and stable and have nothing to contribute as of yet.

At the beginning of the migration I was popping in and out of r/homelab, but as it stands now I haven’t visited there in ages!

Missed one

• CEO

If MIT AppInventor is still kicking around, you should be able to use it for this… although sadly you won’t have access to the source code since it’s a Scratch-like way to create apps.

By default the Android voice assistant uses Google tech AFAIK, if you’re after a truly source-available solution then there’s ”Futo voice input" to handle STT, and “RHVoice” to handle TTS - though these would still need a HTTP API bridge to do what you want

I think so, assuming these malicious packages are all primitive enough to just look for the single file in a user’s home folder lol. The only downside here is needing to provide the keyfile location to ssh every time you want to connect… Although a system search would pretty much defeat that instantly as you mention

SSH keyfiles can be encrypted, which requires a password entry each time you connect to a SSH server. Most linux distros that I’ve used automatically decrypt the SSH keyfile for you when you log in to a remote machine (using the user keyring db), or ask you for the keyfile password once and remember it for the next hour or so (using the ssh-agent program in the background).

On Windows you can do something similar with Cygwin and ssh-agent, however it is a little bit of a hassle to set up. If you use WSL i’d expect the auto keyfile decryption to work comparably to Linux, without needing to configure anything

Is Tesla still training the Autopilot neural network in 3D worlds, or are they now entirely relying on driver data?

Honestly I think developers should just use push notifications to tell the app to directly fetch the notification contents from their server, rather than sending the contents of the notification using push, where it is stored by Apple/Google.

Or do what Element and Syncthing do, which is bypass that entire Google push infrastructure (FCM, formerly GCM?) and connect directly to their own ones instead - at the expense of some additional battery consumption, particularly when there’s poor cell service. Due to iOS restrictions on background apps, this probably isn’t possible on that platform?

Edit: add clarification

In the rural areas near where I am, gigabit fiber in underfunded areas is being installed, but sadly a vocal minority of residents keep burning up and sawing down the new fiber internet poles.

Of course we don’t hear about the good news from areas where it’s installed drama free, but the bad news where something goes terribly wrong is the one that sticks, and affects the general public’s impressions of a particular area or stereotype 😒

Admittedly the pole installation method for this is quite odd though, maybe a cost saving measure as usually it’s done underground

This only really happens when fuckcars posts show up on /all IMO, where some of the more extreme opinion holders are more vocal.

Fuck cars means fuck car dependency, i.e. places designed specifically for cars: no sidewalks, no bus, no train, no safe bicycle or light motorized assistive vehicle infrastructure available - you need a car for everything, or stay trapped at home.

It doesn’t mean fuck cars literally.

It’s pretty well known that rural areas, by design, require cars and motorbikes to travel out of them - a train is ideal, but good luck convincing anyone to finance that kind of project. A bicycle could work well for moving around town though depending on how safe it is, saving some wear and tear from your vehicle

I think they would start obfuscating the relevant code to get around it

Many ad networks and AABs do something similar (especially Admiral) in an attempt to evade ad blocking extensions