litchralee

joined 3 years ago
[–] litchralee@sh.itjust.works 7 points 1 day ago* (last edited 1 day ago)

Is that something you're looking for? As a practical matter, the effort to maintain multiple release branches and backports -- compared to the norm of just maintaining a single main branch -- is an outsized effort, available to only well-funded FOSS projects, usually by having an industry sponsor that makes it a priority.

I posit that the grand majority of selfhosted FOSS software, by project count, do not have back ported branches. And so production environments will want to set up an offline validation setup to evaluate update, prior to making the switch. Not convenient, sure, but not exactly insurmountable either.

At some point, some amount of responsibility for use of FOSS software must fall upon the users, or else the project is less about creating value by building up the commons for software, and more on the exploitation/abuse of the volunteers.

[–] litchralee@sh.itjust.works 10 points 1 day ago (2 children)

Downside: breaking changes are fairly common AFAIK.

By my extremely cursory reading, this stopped being a problem after the v2.0.0 release, when they adopted semantic versioning. According, breaking changes would only occur when the major version number is rolled. And version v3.0.0 was just released 5 days ago, whereas v2.0.0 was released in October 2025.

It may be down to taste, but I view 9 months as being acceptable, given the breadth of features offered and the folks willing to put effort into the project.

[–] litchralee@sh.itjust.works 7 points 1 day ago* (last edited 1 day ago)

There are indeed places where large amounts of human activity takes place underground, often being metro systems and their associated retail spaces; Tokyo Station in Japan comes to mind as having an underground mall attached to it.

But the same caveats for underground construction of transportation systems also apply to all other underground structures that humans would like to build. Consider the differences between ground conditions in: the San Francisco Bay Area, Denver, and New York City.

The Bay Area is the outlet for major rivers in northern California, bounded by mountain ranges on virtually all sides. The surface is either a thin covering of soil atop this mountain rock, or is a layer of looser soil or mud, made from the sediments carried in by those rivers. This makes for fantastic agricultural conditions but presents a real risk of liquifaction when there's an earthquake. While an underground structure wouldn't fall over -- because it's within the ground -- it could certainly lose its supports unless it has piles all the way down to the rock. And that's only buildable on the narrow shoreline region where there's sufficient depth before hitting the rock layer.

With Denver, it's basically all rock, so to build within the rock would require blasting it away and building within the hole, or to build normally then bury the structure in fill, so that it's below grade.

With NYC, it's a different story because the ground conditions make it fairly easy to dig tunnels and drive piles, and the bedrock layer beneath Manhattan is strong enough to support the weight of supertall-class skyscrapers. On this point, the New York Fed's Gold Vault is in the basement in Manhattan, precisely because the volume of gold inside would be a serious strain on any foundation and the geology beneath.

All that said, the surface conditions in some extreme climates may warrant building underground, or avoiding the underground outright. Burying a dwelling in New Mexico would make a lot of sense, due to the hot and dry Southwestern climate. But in Alaska, an underground dwelling would cause melting of the permafrost layer below, resulting in a similar situation to liquefaction. I suppose this can be mitigated, but it would be a monumental effort, akin to Camp Century in Greenland. That project was abandoned due to changing ice geology.

[–] litchralee@sh.itjust.works 3 points 1 day ago* (last edited 1 day ago)

I generally shy away from downvoting even things I dislike. I don't want to fall into an echo chamber where all I see are only the things I agree with.

This is not how Lemmy works. If you don't ever up or down vote anything, and if you have your client hide the up/down votes on all comments and posts, you will still see the same content as someone who prodigiously votes. Votes here are, in the truest possible way, optional.

But for people who do utilize up/down votes, they are a signal. Sometimes they're a weak signal, sometimes a bad signal, and yet other times might be a strong signal from the community. How to evaluate the signal is a matter of continued debate.

Now, as an aside, a major difference in the Fediverse compared to commercial social media networks is that the block functionality here is used for more than just dodging abusers. Precisely because there is no algorithm, blocks and mutes are how users curate what they don't want to see. This alone does not create a so-called online echo chamber, the same way that most people don't want to see a steaming pile of poo on their morning walk. People reasonably deserve to have a pleasant experience online. And depending on their life circumstances, this might be a lot better than their IRL situation.

[–] litchralee@sh.itjust.works 2 points 2 days ago

You can, of course, engineer reliable things from unreliable components.

I think the only way this statement can hold true in all circumstances is if we select an arbitrary boundary for what constitutes "reliable". And that's no small matter, because the threshold of reliability in a consumer IoT device would be inappropriate in a commercial or automotive setting, would be deeply wrong for industrial personnel safety, would be manifestly unlawful for a military or aerospace application, and potentially fatal for medical use.

Engineering is all about balancing a set of objectives, be it cost, time to market, efficiency, size, weight, or competitive advantage, and more. Doubling up as a way to improve reliability necessarily implicates size, complexity, and efficiency, but that's tolerable for large data centers where the customer counts servers by the number of floors, not the number of Rack Units (RU). But no one would accept installing two pacemakers because one of them might fail early; that's an intolerable solution to the product's base objective.

As it happens, most USA jurisdictions only require a single brake on a bicycle, and it doesn't even have to be on the more-effective front wheel. But the idea in law is to enforce the absolute minimum of requirements: having no brakes at all is where the line has been drawn, for a mode of transport that rarely gets above 50 kph (~30 MPH). But even then, all commercial bicycles for sale must have two brakes, so the law implicitly allows for some lost redundancy, because even one brake should be enough.

Could a bicycle brake be developed such that it is inherently always able to stop? Likely yes. Would it appreciably improve macro safety objectives such as by reducing collisions with stationary objects? No, not really.

And that's the rub: just because engineers can double up things to get more redundancy, is this any better than the alternative? If an LLM is used as a search engine, is that appreciably better than using "grep", a battle tested, secure, locally-ran application with a lineage harkening back to the 70s?

The drawback with inherent unreliability is that it can only be statistically reduced, but never eliminated. NASA understands this risk better than most, because cost pressures mean they can't be using military-grade hardware for everything. Perhaps then, it can be better said that engineers also have to balance risk in their decisions, and as it stands right now, the risk/uncertainty for LLM output is unquantifiable by any existing approach.

Academics have long been researching ways to make LLMs "safe", so that their outputs are constrainted in concrete ways. But I believe they've long concluded that the current approach of generative transformers simply cannot have safety "bolted on" after the fact. New constructions for machine learning will have to be invented with safety from day zero. The academics continue to work on that, while the commercial AI vendors are barreling ahead with LLMs, in spite of their risks and in the pursuit of a return.

I've not seen anything that would suggest the academics are wrong, nor that industry has managed to produce large safety or reliability improvements, so at this point, I only see a plateau and dead end for the industry. Maybe if the industry would put more into R&D and theoretical work, this would be a lot more graceful as they run up against the buffer stops.

[–] litchralee@sh.itjust.works 6 points 2 days ago* (last edited 2 days ago) (1 children)

If a Nintendo Wii counts as retro, there's at least one person hosting a website using one: https://infosec.exchange/@alexhaydock/114377262481451962

But that was (incredibly!) able to run a prebuilt version of NetBSD, which had drivers for the official Wii USB LAN adapter. If instead there's a piece of hardware that can boot an OS but doesn't have a network interface device, then SLIP could be useful. Here's a vape hosting a website: https://bogdanthegeek.github.io/blog/projects/vapeserver/

And if still, said retro device has no concept of IP or networking, can it at least speak serial over a 300 baud modem?

[–] litchralee@sh.itjust.works 2 points 3 days ago* (last edited 3 days ago) (1 children)

Then there is the modern usage of the terms which seem to vary based on who invokes the[m]

I think the thing to keep in mind is: 1) words evolve over time, and 2) the people using those words might be abbreviating what they actually mean, because they don't know that there's another related concept that is named similarly. The best example of the first is how "truck" in the 1910s meant what we now call a "hand truck", and "car" from that era meant traincar. Whereas in the 2020s, "truck" and "car" both refer to automobiles, and we had to create the backronyns of "hand truck" and "rail car" to avoid confusion.

I don't think your theoretical understanding of Marxism is wrong -- though I've not read enough to confirm -- but I would hazard against using other people's wrong definitions and usage guide your own understanding. If you understand the ideology, then it's a matter of rendering it using the right words; that is, it becomes a communications problem.

For example, Republican politicians will use the term socialism to mean communism and vice versa

I would especially not suggest relying on right-wingers to properly use -- let alone understand -- left-wing ideology, since their objective is to denigrate leftists through FUD and infantile repetition. Basically, the maxim of "if enough people are 'talking' about something, it must be controversial" or "I'm just asking questions bro", neither of which are anywhere approaching a good-faith discussion on the merits.

Some politicians like Mamdani or Bernie will describe socialism to mean a more humane type of capitalism that has other priorities other than pure profit seeking

How the two use the word "socialism" is almost always understood as a shorthand for what Europeans would call "social democracy". So it's definitely on the list of valid implementations of socialism, but is specifically about reforming an openly capitalist system into something more egalitarian. That said, "social democracy" still leaves out a lot of details which need clarification: do Mamdani or Bernie support (re)building the social safety net? Does the state need to also own railroads the same way that they own highways? For the former, there's the standalone word "welfare state", but I'm not aware of a compound phrase that means "social democratic welfare state", if that even describes Bernie or Mamdani at all. I'd certainly love a word that means "social democratic welfare railway state" but nothing has caught on.

I think that should underscore my point: even after resolving exactly which word they might be abbreviating, there aren't enough short words to succinctly describe any particular ideology. Rather, the words are useful to get a rough idea of a person's views, but ultimately, every one and every candidate is going to have a slightly different take on certain questions.

Some people use communism to describe an authoritarian system that has no regard for human agency

I personally refer to this definition as "Stalinist communism", because it does accurately describe how the USSR was operating under Stalin. Essentially, it wrapped a cult-of-personality in the trappings of communist thought, though people like Trotsky pointed out how communism could be done much differently. Obviously, history is quite clear that the Stalinist approach was not adopted as-is by any other country, nor retained in the USSR after Stalin's death. Indeed, I've never come across anyone who genuinely refers to themselves as a Stalinist or who seriously proposes to the adoption of Stalin-style, top-down authoritarian communism. Maybe some right-wing Russians do, but idk. My point is that, like the Republican examples above, Stalin and authoritarian communism is usually only brought up as a "thought terminating answer" rather than to seriously debate the merits of communism, either theoretically or practically.

multiple people will have multiple definitions that most often don't align with how Marxists describe communism and socialism

Yes, because they're usually talking past each other about different things. Being able to detect which definition someone means to use, that's a skill that you can develop for yourself, to have a clearer picture than they do.

I'm primarily writing this comment because I abhor the idea that an idea -- it could be anything, from rocket science to theorrtical mathematics -- is perceived as being an arena where everyone is just making up stuff, and if that should lead to people becoming turned off the idea of studying it for themselves, that's a net-negative. No doubt, some countries, politicians, and agencies want to denigrate or prop up their own definitions, but that just makes it easier to identify fake socialists and "communists in name only".

The merits and failures of socialism and communism deserve to be comprehensively hashed out in the public mind, and it only serves the status quo that this not happen. And the longer the conversation is delayed, the more that the indisputable ails of the status quo will take more victims.

[–] litchralee@sh.itjust.works 26 points 4 days ago (2 children)

There is definitely a difference, and they are not interchangeable. I'll let other people chime in with a rigorous definition for communism, but at a minimum, it must have abolished the state and social classes entirely. So one could say that communism is at the very end of the road, and the various flavors of socialism are the routes to get there.

Various flavors of socialism? Yes, I've written an earlier comment about that, and another one here. In brief, there are many ways to move beyond capitalism.

[–] litchralee@sh.itjust.works 5 points 4 days ago* (last edited 4 days ago) (1 children)

I don't have much to add, since I haven't made the switch to pneumatic tools myself, but one bit of advice is to make sure you're using hoses with as wide of an internal diameter as possible. The connector at the ends is often wider than the internal hose diameter, which is what really matters for long hoses. If your chosen compressor is really loud, then you might want a longer hose to put it farther away, but then have to contend with the hose being a flow-rate constriction.

[–] litchralee@sh.itjust.works 6 points 5 days ago

I've heard of hardware hacking for John Deere tractors, but I like this one the most haha

[–] litchralee@sh.itjust.works 4 points 5 days ago (2 children)

but electricity will always run the path of least resistance, which will invariably be the metal gazebo if they're close enough.

Not according to the USA National Weather Service:

The presence of metal makes absolutely no difference on where lightning strikes. Natural objects that are tall and isolated, but are made of little to no metal, like trees and mountains get struck by lightning many times a year.

[–] litchralee@sh.itjust.works 9 points 5 days ago* (last edited 5 days ago) (1 children)

Despite the USA being somewhat of a political pariah at the moment, it has long been the case that American universities are desirable from an educational perspective and for "clout". Not to say that TU Delft or anywhere else doesn't have name recognition, but being a fully English instruction on a continent with few neighbors, it is a very "exotic" destination to go study at.

With Hollywood and media hyping up the American collegiate experience (eg red Solo cups, fraternity/sorority life, binge drinking, road tripping for spring break, etc), even some non-research public college systems like the California State University (CSU) system will receive international students, while the research-focused University of California (UC) systems remains in the top tier of public American universities, making it extra exclusive, akin to the East Coast's Ivy League schools.

From the university's perspective, they have a commodity they can market to an international audience, so why not charge more? As for why these colleges are behaving like capitalists -- especially the public universities -- it is because of chronic state underfunding: the USA federal government does not pitch in very much to the universities, except as research grants. And when push comes to shove, state legislators will cut university funding, meaning more has to be paid for by students. Some states even slash school funding and then try to replace it with state lottery proceeds, which means schools are only well-funded when there's a gambling epidemic...

Now in your case, it should be noted that the University of Southern California (USC) is a private university, that regularly jostles with UCLA (a UC campus) for the highest ranking as a college in southern California. Accordingly, they are priced similarly for international students but not for domestic students: the UC system first-and-foremost must serve its constituent citizens, so to keep tuition low for in-state students, they will raise the price of out-of-state or international students. USC and other private colleges would follow suit, because free extra money.

We haven't privatized the public universities in the USA, but they're almost operating as though they already have been, charging as much as the market can bear.

 

The convention in the USA for old urban centers and new suburban sprawl is to construct a street or road with a crown that drains rainwater to gutters along both sides of the road, then have storm drains to convey the water from the gutter to some nearby creek or tributary. But why?

Wouldn't it be easier to construct the road in a roughly canal shape, so that rainwater drains towards a single V-shaped gutter at the road's center? This would cut the number of storm drains by roughly half, prevent leaves from falling directly into a drain and clogging it, make it possible to clear a drain by driving a streetsweeper over it, and also prevent a clog from flooding adjacent properties, since the road itself can temporarily impound more water until municipal authorities can clear the blockage (whereas side gutters would invariably flood the sidewalk and carry sharp debris that would damage tires entering a driveway).

Furthermore, a center drain can be built once and then retained as-is each time a suburban arterial needs expanding -- "just one more lane, bro" -- whereas side gutters are regularly demolished and rebuilt to accommodate additional lanes. By routing water away from the edges of the road, sidewalks avoid freeze/thaw cycles, and the road surfacing can be continuous from the curb: no more bike lanes in the gutter. As a convenient benefit, the "drop" off at a curb-cut from a driveway to street level would cease to exist.

And where required to improve water quality due to runoff pollution, a center drain can be excavated and rebuilt as a linear stormwater retention pond, where moderate stormwater can filter into the local soil slowly, with a predefined overflow level that will drain to the existing stormdrain pipes. This is already done for both surface parking lots as well as Interstate highways, so it's not an unproven design.

Narrow alleyways in older cities do use a central drain, so I can't see why the idea stops making sense for larger streets and roads. The only drawbacks I can envision are aesthetic -- a neighbor's excessive lawn irrigation would draw a wet line across half the street -- and that the center channel would also carry leaves and wayward soccer balls into the middle.

But even still, that doesn't seem worse than the status quo: gutters attract all sorts of detritus, but it's usually hidden beneath the wheels of parked cars until something punctures a tire. And at least in water-starved California, irrigation runoff deserves to be noticed and called out so that it gets fixed. There may even be some small road safety benefit from having a V-shape channel in the center, since it would unmistakably divide opposite sides of the street.

For larger arterial roads that have trees in the center, this seems like free irrigation and water pollution control. It even works when the center traffic lanes are converted for running a tram or light rail train.

What am I missing here?

 

cross-posted from: https://sh.itjust.works/post/61250326

A crafted MeshCore node name could compromise any Home Assistant instance running meshcore-card as soon as someone viewed a dashboard with that card.

The same XSS (cross-site scripting) pattern appears to be present in MeshCore-Home-Assistant-Panel-v2 and its HACS variant

To be abundantly clear, and the post goes into detail why, this is not a bug in MeshCore but rather in how web dashboards are not properly sanitizing untrusted input. In this case, the untrusted input is via a field that any malicious MeshCore node could send.

Well worth a read and a follow on their Mastodon.

 

A crafted MeshCore node name could compromise any Home Assistant instance running meshcore-card as soon as someone viewed a dashboard with that card.

The same XSS (cross-site scripting) pattern appears to be present in MeshCore-Home-Assistant-Panel-v2 and its HACS variant

To be abundantly clear, and the post goes into detail why, this is not a bug in MeshCore but rather in how web dashboards are not properly sanitizing untrusted input. In this case, the untrusted input is via a field that any malicious MeshCore node could send.

Well worth a read and a follow on their Mastodon.

 

A reasonable overview of the MeshCore architecture and tunable parameters.

Probably the only part I don't agree with is the idea that the companion/repeater dichotomy is an inherent part of the MeshCore architecture. I don't believe it is, although it's certainly part of the practical implementation. That is to say, if someone wants to use MeshCore purely as a private point-to-point link, then they can jettison the motions of companions and repeaters entirely. As a person to person mesh network, though, companions and repeaters are essential. The distinction I'm trying to draw is that MeshCore can be a lot more than text messages sent amongst friends.

While reading, the explainer for the three-tier t delay seemed especially analogous to me to how circuit breakers are arranged: a nearby power strip might have a fast-tripping 15 amp thermomagnetic breaker, the upstream main panel might be using a 20 amp curve B (moderate trip rate) thermomagneric breaker, and the utility might be using a magnetic 400 amp breaker. By their nature, thermomagneric breakers will handle localized faults that are 3-5x the rating, while the utility's magnetic breaker will trip precisely at 400.1 amps, to protect line-side equipment. Whereas if the utility breaker tripped first, it would unnecessarily black out a whole neighborhood.

Also observe that MeshCore's "flood-then-direct" behavior is identical to that of Ethernet (ie unknown unicast, then unicast), except that Ethernet frames do not get appended with the network path as they progress, which is akin to the postal service where letters arrive at their destination but with no indication of the routing. Accordingly, the MeshCore sender necessarily reserves space to store the mesh route, choosing a tradeoff between node-count (up to 64) or granularity (up to 3 bytes per repeater). This seems complex, but just like with the tax code, complexity is necessary to handle every reasonable scenario.

I will also reiterate the ongoing bug in MeshCore's encryption, which is the use of AES-ECB in the year 2026. Although it's AES-256, ECB has been a known encryption vulnerability for decades and should not have been used in the MeshCore spec. Meshtastic appears to have avoided this particular foible.

Note: the author's blog mentions in the About page that some AI is used to assist in his writing.

 

Background: I spent 40 minutes typing up a reply to a different post, but decided that it ran on for too long. I'll include it at the bottom, but I'm curious to know how much cash is still used in this country.

Certainly, a like-for-like Giro (Europe) system doesn't exist in the USA, with ACH, checks, and Zelle almost filling the void -- albeit incompletely -- which I suspect is responsible for the remaining cash utilization. But is that right? Is cash only used for when there isn't another option? Or is it a matter of consumer preference?

I can understand tipping in cash, or paying for a Craigslist purchase in cash. But maybe I'm missing another dimension? Do some folks pay rent in cash? Or taxes? I'm genuinely curious, but please make sure not to dox your finances in the comments.


My original comment

It's annoying when they get suspicious of a 25k USD withdrawal for instance (even if you managed to prove the purpose of such a withdrawal, it remains at the banks discretion whether they'll approve the transaction).

Let's break this down into multiple points:

  1. Suspiciousness of a 25k USD cash withdrawal
  2. Suspiciousness of a $25k USD electronic or check withdrawal
  3. Necessity to "prove the purpose" of any withdrawal
  4. Bank discretion and considerations regarding withdrawals
  5. Necessity of approval by the bank

I don't believe any of these five points are actually issues. As background, cash withdrawals within the USA are still very commonplace, as the country is fairly rather cash-centric when it comes to businesses, due in part to the lack of a system like Giro (Europe) that has both low, fixed transfer costs and can be sent or received by third-parties. The Federal Reserve's ACH system requires established relationships between accounts, whereas Giro does not. Debit card systems aren't a replacement for Giro either. Zelle (USA) is closer, but still isn't quite as full-fledged. Hence, businesses often deal in cash, pay employees in cash, and consumers pay other individuals in cash (eg buying an automobile).

To that end, for point 1, $25k as a cash withdrawal is not a daily occurrence but it does happen. I can't really think of ever paying for a private party used car by check, and such a cash-heavy transaction is often performed at the buyer's bank, so the seller is assured that the cash is good. In this setting, requesting to withdraw $25k cash is ordinary and mundane, if done very rarely. I doubt even prolific car buyers have this problem, but would be open to hearing evidence otherwise.

For point 2, electronic and check withdrawals have even less suspicion than cash, because they always leave traceable evidence. Money laundering concerns are reduced because the entire money trail can be reestablished later, whereas as cash can easily disappear or be "forgotten". To that end, the suspicion isn't about the cash amount but the source and destination. Even a $1 million check is not suspicious, if it's coming from a law firm's client account to a client's personal bank account. That is, again, a thing that happens fairly regularly. More down to earth, people can and do pay housing deposits by check, and property taxes are often drawn electronically. When one or both accounts to a transaction is prominent and established, there is a low probability of money laundering.

Point 3 is often though to be an issue, due to confusion about regulations for bank clerks on when to file a Suspicious Activity Report (SAR). Bank tellers are required to follow Federal Reserve regulations that aim to prevent abuse of the American financial system for money laundering. An SAR must be filled in whenever the teller: a) thinks money may be laundered, or b) the transaction is above the bank's or regulation's fixed amounts. The latter is often pegged at $10k, so this is where people think that it's disallowed to withdraw over $10k. This is not correct.

An SAR is something the teller fills in, and to do that, they might ask the customer some questions about the transaction. For the grand majority of people, the purpose is quite simple: cash purchase of a car, housing down payment, loan for a friend. Would the teller know if the customer is lying? Nope, not at all. But the SAR forms part of a trail of records, so that money laundering investigators can trace funds in the future. But note that the clerk can fill in an SAR for any type of transaction, including checks, and don't strictly need the customer's truthful answers (or any answers) anyway. An obligation to fill in an SAR does not prevent the transaction from going through. It's a speed bump, not a stop sign.

As for the actual stop signs, that's what point 4 covers. A bank obviously cannot allow a withdrawal if it would exceed the customer's balance, or if they don't physically have enough cash, or if the withdrawal is not authorized (ie not named on the account, or PIN not known), full stop. But other situations may arise where the withdrawal must be delayed, either for the bank's own convenience or because the account agreement specifically requires certain holdings times.

I quickly perused a random account agreement for Wells Fargo and the Available of Funds section describes that new accounts (less than 30 days old) will have elongated hold times for withdrawal against newly-deposited funds. This is applied in a first-in-first-out fashion, so only fully-draining the account would incur the longer hold time. In other cases, the bank may take more time but is required to inform you of that, and provide a definite date for when the withdrawal will clear. This verbiage does not distinguish cash vs non-cash, so they're within their rights to delay a check, as long as they obey their own agreement. If this is not tolerable, find a different bank.

Finally, this also gives us some insight into the default behavior for banks subject to Federal Reserve regulations, which is point 5. A bank may not deny a withdrawal of unencumbered, unheld funds (cash or otherwise), except when the bank has actual knowledge that the withdrawal definitely is for laundering. It is, after all, not their money: it belongs to the customer and they are just the regulated custodian of it. A bank can certainly advise a customer not to fall for a pig-butcherint scam, but they cannot block the customer from obtaining their own money back out. They can, as described earlier, apply a temporary, finite-time hold on the funds, but that's it.

To my knowledge, there is no Fed-regulated, FDIC/NCUA bank or credit union that requires pre-authorized approval to access a customer's own funds. I am open to hearing evidence to the contrary, but I don't believe such a thing exists. How would they even stay in business? To be clear from point 4, a bank can certainly ask for a few day's notice to prepare $50k in new $2 bills. But that's easy enough: just call the bank and verbally request the withdrawal, then collect it in-person days later.

Who is disadvantaged by this? Mostly money launderers and con artists trying to abscond with their scam proceeds. But I'd be remiss if I didn't also mention rich people that prefer to suddenly go on vacation and pay for everything in cash. But the system is designed to be no obstruction to those that plan ahead, or are dealing in such small amounts that it's not a big issue. Normal everyday people all share the costs of money laundering, so it's not fair to disadvantage them just so rich people and scammers aren't inconvenienced by their inability to plan ahead. They don't even have to plan ahead: just keep a few racks in the safe.

It is to me, frankly, a non-issue to withdraw money for me or anyone in the working or middle class, because the very issue of being "flagged by US banks" just rarely even a speed bump. And the rich folks have private banks that will gladly give them inordinate amounts of cash to spend.

What exactly is the problem here, specifically?

 

What can be done

The most glaring problem with MeshCore is that the maintainers do not openly communicate vulnerabilities. Users are left without knowledge of any problems, unable to judge whether to trust MeshCore with their private communication.

 

Here is the thing about open source, Andy: it isn't yours to fence. You don't get to ride a community's goodwill into a USPTO filing and a paywall. You don't get to turn "we built this together" into "I own this, pay me." That isn't a pivot. That's a rug pull dressed up as a business model.

And here is the thing about the "license check" you shipped: it is a 32-bit djb2 hash of the device's Android ID, XORed with the four ASCII bytes MCPP, hex-encoded. That's it. Thirty-two bits. Less entropy than a decent ZIP password. A first-year CS student could break it. You used Claude to generate the code. We used Claude to read the code. It took 19 minutes. The receipts are one click away.

 

CLAUDE CODE JUST RICKROLLED ME. I'm working on a project where part of it will involve videos, and in building out the project it created a dummy page, with made up content (relevant to me!) with two video links pretending to be something else and BOTH WERE RICKROLLs.

Note: I'm using a broad definition of "programmer" to include HTML generation, and a broad definition of "humor" that includes Rickrolling. Together, I think this is appropriate for c/programmerhumor. Mods, please remove if not correct.

 

The money quote:

VTA buses and light rail carried 30,000 people to and from Levi's Stadium, according to the agency. That was 5,000 more than they anticipated and "far surpassing" ridership records set when Taylor Swift played there in 2023.

 

As background from the Wikipedia page, the Anaheim Transit Network (ATN) was established as a city-sponsored non-profit in 1998 to operate bus lines around the Disneyland resort in California, with private funding from the various hotels in the area to run this public bus system. These hotels are obliged to operate or pay for shuttles to Disneyland as part of their development agreements with the city, presumably to avoid untold amounts of automobile traffic.

As the linked press release says, ATN will shutter its operations on 31 March 2026. The area will still be served by Orange County Transportation Authority (OCTA), the county-wide bus service, but looking at the bus lines near Disneyland, coverage seems non-optimal as a replacement to ATN's service.

Other reporting indicates that the City of Anaheim was unwilling to invest further into ATN (despite earlier indications), nor were the hotel operators.

What I find utterly inexplicable is that these stakeholders -- especially the city -- are not recognizing this fact: data from Q3 2025 shows that ATN fixed-buses moved 96,300 average daily riders. From the same document, the USA's heavy rail systems did not exceed that rate, except in the San Francisco, Washington DC, Atlanta, Chicago, Boston, and NY/NJ areas. Basically, ATN was moving metro rail levels of people on buses.

I shudder to imagine how bad this will be for Anaheim once the closure occurs, where workers, visitors, and all other former riders will need to figure out how to move around Anaheim. Ride share automobiles hardly have enough capacity to absorb even a fraction of the prior riders, let alone more automobiles, even if they all carpooled. And seeing as many visitors to Disneyland use the buses to stay at farther hotels to reduce costs, this is a negative attraction. The difficulty of car-seats on ride share made the buses particularly attractive to transport younger children safely.

Each individual hotel operator made an economic choice to not properly fund ATN, but together they will all lose out. Likewise, I don't see how the City of Anaheim is going to make up the transportation capacity around the Disneyland area. Disneyland itself isn't party to the agreement that funds ATN, but they do contract with ATN to shuttle visitors from a far-flung parking lot. But they too will be impacted if staff and guests can't afford to get to the park.

Everyone is going to be worse off, and no one is stepping up to the plate to keep the buses rolling, when it's clearly the obvious thing to do.

 

To make it easier for the haulers, I sort my flattened cardboard boxes by size, and then insert the smaller ones within the larger ones, rotated 90 degrees. That way, they can grab larger bundles at once.

To me, this is less effort than the Japanese approach of using twine to tie bundles of cardboard together.

 

Every so often, I think about how much electric power my house consumes at all hours, even when it's the dead of night and nothing is really being used. So this morning, I went out and flipped each breaker off, one by one slowly, while watching the instantaneous kilowatt reading on the electric meter and taking observations.

This took about 20 minutes for all circuits, and then I honed in on the suspicious circuits, the ones which don't have a known appliance like a fridge which should always be running. Years ago, when I moved into this house, I drew out a map which describes which outlets and appliances belong to which circuit.

The two suspicious circuits were the living room and bedroom circuits, and armed with a Kill-o-watt, I ended up finding that my very old Bose Companion 5 desktop speakers will draw 23 Watts doing absolutely zilch. And my 2018-era Roku TCL so-called "smart" TV draws 20 Watts when it's "off".

I've been meaning to replace the Bose speakers -- due to a separate issue where the mute button only works half the time, and horrific Linux support -- and a friend recently offered to sell me some reference speakers that I can pair with a Class D amplifier, one which has a physical on/off switch.

For the TV, I'm not exactly sure what to replace it with, since I was going to wait until it died and replace it with a commercial-spec display, one that has no remnants of "smart TV" anything. I don't allow my TV to even have a network connection or WiFi, so it really shouldn't be doing anything. So I guess in the meantime, I'll just pull the plug when I'm not watching; at least it's easy to reach.

EDIT: the TV is now showing inconsistent results. It will occasionally drop down to a more-reasonable 0.1 Watt. But it might also remain at the aforementioned 20 Watts. Not entirely sure what it's doing, whether just sitting there or staying on for a while after turning "off" the TV.

view more: next ›