• 1 Post
  • 431 Comments
Joined 3 years ago
Cake day: July 2nd, 2023

  • Civil forfeiture and DEA is a separate problem unto itself, and you’ve always hit on the key points: DEA operates within the country, whereas customs is at ports of entry. DEA’s corruption and geographic reach mean they have caused far more problems than any customs agent, in pursuit of a 1990s zeal that “drugs are bad” and expanding that into a parallel law enforcement system, despite already having a federal law enforcement department: the FBI. Civil forfeiture should be abolished as unconstitutional, violating due process, equal protection, and property law.

    So yes, once you’re in the country, there is a risk to carry around large sums of cash. But that’s hardly connected to the customs declaration requirement, and certainly cannot be connected to the declaration requirement on the way out.


  • When entering or exiting the USA, the rule is that cash or financial instruments need to be declared above $10,000, but you can bring as much as you want. So bringing a literal suitcase of Swiss francs worth $5 million USD is perfectly fine, provided you tell the customs agent.

    While I can’t really advise going to the USA right now, it’s not like they will confiscate cash above $10,000. The particular phrase used in most places is “freedom of capital”, meaning that money can flow into or out of the country without significant impediment. The entire USA financial sector relies upon freedom of capital, whether that’s electronically or – if need be – with bundles of cash.

    Declaring cash helps prevent money laundering, since people intending to secretly move money would not want to declare to customs. The threshold is intentionally set so that normal people going on holiday with cash or travelers checks (yes, I’m aware it’s 2026) won’t be burdened by the rule.



  • I think the market for each is quite a bit different. Prop guns, whether functioning or not, are often regulated in law as “replica firearms” because while they may (or not) be functional, the issue is that they are intentionally similar to the real thing. Hence, some jurisdictions have limits on who can sell replica firearms and who can buy them.

    One rank below firearms and replica firearms, air/pellet guns and BB guns propel small balls or shuttlecocks (?) made of metal using compressed air or spring power. These could still be harmful to people, but aren’t usually fatal, which makes them effective for pest control or target practice, in lieu of live firearms. Accordingly, these are often regulated like how knives are: don’t just hand a pellet gun to a child without supervision, and don’t assault people. Otherwise, do as thou wilt.

    Meanwhile, airsoft guns propel small plastic balls using springs, compressed air, or electro-pneumatic pressure. By sheer virtue of having less density, a plastic airsoft projectile carries less energy than a BB pellet, and certainly a lot less than a live-fire bullet. Also, whereas firearms can attain supersonic velocities, the speed of sound puts a firm cap on what a plastic, ball-shaped projectile can achieve, when not using chemical-based propulsion (ie gunpowder).

    Only 8 US States regulate airsoft guns, and even those that do are not restricting them as heavily as firearms (except New Jersey?). The common requirement is that an airsoft gun should have an orange tip. That means a majority of Americans are potential customers for airsoft, and that means an environment will form that hosts matches, competitions, and so on. Big market means lots of producers, so lots of variety, high quality, and lower prices for all.

    Whereas, what’s the market for replica firearms? Show business? Gun enthusiasts?


  • if properly reviewed and it works right, you can’t argue with results.

    The key word is “if”.

    This is rather the crux of the issue: most AI-generated code is not reviewed, let alone reviewed by humans, let alone reviewed by human experts within their expertise. Nor does AI-generated code have a good history of being well-tested to any particular formal standard of validation (eg ISO), against any defined criteria that aren’t themselves AI-generated and unreviewed. There are outliers, no doubt, which strive to lift themselves above this low bar, though the effort to do so often exceeds the effort to just have the experts hand-write the code instead and then formally validate it, at least as of early 2026.

    Some AI could plausibly be tolerable within an already-functioning software engineering team. But “all code in Trail Mate is 100% generated by AI under human guidance” is an abdication too far.



  • Even when something is fairly inexpensive and readily available, the nature of the thing may preclude it from being well-noticed in public, even if it’s not being intentionally obscured at all. Things that move are an especially good example, because most people don’t really pay significant attention to passing traffic or stuff moving approximately 3-5x faster than their own walking pace, with the exceptions of when they themselves are in motion too (eg seeing another train while riding a train), or if the object is coming straight at them.

    An example suited for fellow Americans: seeing the same color and model of your car, parked in public, is very easy to spot, because that’s how you’re accustomed to seeing your own car: stationary. Whereas seeing your own car in motion (while you’re stationary) is slightly harder because: 1) it’s whizzing by for only a few seconds, and 2) you’re not used to seeing your own car drive away from you. Confirmation bias then means that you rarely see that same model of car in motion.

    Drones have the same perceptional bias, but compounded by the fact that humans aren’t in the habit of scanning the skies overhead for drones. And even if they do, identifying a hovering drone means to spot a small dot that’s hanging dozens of meters in the air, or being within earshot (inverse-square law limits this distance). And if the drone is moving, then spotting it is even more difficult, although it does have a moving audible footprint now.

    Finally, there’s the operator, which in almost all circumstances is stationary. Yet, for similar reasons, why should anyone notice if someone is standing in a forest, looking at a screen with a set of controls? If nobody is around, is a drone operator even there? As a fairly solitary activity, it’s no surprise that few have ever seen a drone actually being operated, much the same that loads of people know of Pokemon cards and yet few have actually seen the TCG played out on a tabletop (this fediverse audience excepted).

    TL;DR: the general public only perceives things that are easily perceivable. When did you last see your car moving?


  • The short answer is that it depends. Some countries have treaties where civil court judgements (ie money compensation) from overseas are honored domestically, meaning the domestic court would not have to relitigate the facts but would just re-issue the local equivalent of an order to pay up.

    Seeing as this is a lawsuit in the UK, Valve does not appear to have a dedicated business location in the UK or EU, and that Valve has not already stopped offering services, I would guess that they don’t intend to skip town. The appeals process in British courts is similar to how it is in the USA, so there would be room for any award to be adjusted downward, before being forced to pay it.

    Also, to not pay a lawful judgement in one jurisdiction would cause potential issues in other jurisdictions, such as the massive EU market next door. This is precisely because Valve doesn’t operate a subsidiary but is doing business under their USA corporation. So the EU authorities would be within their rights to curtail the same corporation that skipped on a lawsuit in the UK, even when the UK isn’t part of the EU anymore.

    Note: some lawsuit judgements are explicitly disallowed from being “repatriated”, such as lawsuits regarding free speech in the USA. Under the SPEECH Act, an overseas judgement for speech that would have been legal if said in the USA cannot be collected on USA territory or against USA bank accounts. It would have to be collected against the person when they’re traveling, or from their non-USA bank accounts.


  • If a lot of people suddenly stopped consuming anything there would be a drop in price. The producers don’t have time to adapt.

    This is generally correct, but with a somewhat-rare caveat. If the product was priced as the sum of variable costs (eg unit cost of fuel to yield 1 kWh of electricity) and of fixed costs (eg price to build a power generating station that will last for 20 years), then a reduction in consumption can actually cause an increase in per-unit costs for the remaining consumers.

    This is precisely what is playing out in California with the incumbent electricity provider, PG&E. For arcane reasons, their regulated monopoly allows them to undertake large-scale construction projects, with a guaranteed rate of return (aka fixed cost) passed onto consumers. But since solar installations have smashed even the most optimistic expectations, demand for fossil-fuel generation is slowing. But because a power plant running at 50% output still needs to pay off 100% of its loan payments, PG&E is using the situation to try to hike consumer rates even more. You know, to pay for those large projects that PG&E owns…

    At the end of the day, non-solar consumers are being asked to shoulder more of the burden despite falling electricity demand (pre AI), but it’s not caused by solar early-adopters; it’s due to PG&E’s own greed and desire for guaranteed profit.

    TL;DR: prices will usually go down when consumption goes down, unless a monopoly is trying to save their own skin. PG&E should be dissolved.




  • Hi! Firstly, thank you for using /dev/urandom as the proper source for random bytes.

    Regarding the static H1-H4 issue, does your repo have any sort of unit tests that can verify the expected behavior? I’m aware that testing isn’t exactly the most pressing thing when it comes to trying to overcome ISP- and national-level blocking. But by the same token, those very users may be relying on this software to keep a narrow security profile.

    To be abundantly clear, I’m very glad that this exists, that it doesn’t reinvent the WireGuard wheel, and that you’re actively fixing bug reports that come in. What I’m asking is whether there are procedural safeguards to proactively catch this class of issues in advance before it shows up in the field? Or if any are planned for the future.


  • I’ve had the opposite experience, where NewPipe lagged behind PipePipe in terms of adapting to YouTube-related changes. It had something to do with updating the subscription feed (not that that function is totally reliable on either app).

    I also observed this strange issue with NewPipe where if a notification sound interrupts a background-playing video, the audio would stay reduced in volume until the app was brought back to the foreground. A cursory search suggested it was specific to Samsung phones, but when I switched to PipePipe, the issue simply didn’t appear.

    Grain of salt: I haven’t used NewPipe since switching in November.




  • Ok, I’m curious as to the DPI claims. Fortunately, AmneziaWG describes how it differs from WG here: https://docs.amnezia.org/documentation/amnezia-wg/

    In brief, the packet format of conventional WireGuard is retained but randomized shifts and decoy data is added, to avail the packets with the appearance of either an unknown protocol or of well-established chatty protocols (eg QUIC, SIP). That is indeed clever, and their claims seem to be narrow and accurate: for a rule-based DPI system, no general rule can be written to target a protocol that shape-shifts its headers like this.

    However, it remains possible that an advanced form of statistical analysis or MiTM-based inspection can discover the likely presence of Amnezia-obfuscated WireGuard packets, even if still undecryptable. This stems from the fact that the obfuscation is still bounded to certain limits, such as adding no more than 64 bytes to plain WireGuard init packets. That said, to do so would require some large timescales to gather statistically-meaningful data, and is not the sort of thing which a larger ISP can implement at scale. Instead, this type of vulnerability would be against particularized targets, to determine if covert communication is happening, rather than decrypting the contents of said communication.

    For the sysadmins following along, the threat of data exfiltration is addressed as normal: prohibit unknown outbound ports or suspicious outbound destinations. You are filtering outbound traffic, right?
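
    The rule-based versus bounded-statistics distinction above, as an added example that is not part of the comment and not AmneziaWG’s own code. It uses a deliberately simplified model (a plain WireGuard handshake initiation is 148 bytes starting with the type field 01 00 00 00; the obfuscation is modelled as swapping that field for a configured value and prepending at most 64 junk bytes) to show why an exact-signature rule stops matching while a length window over many flows still carries a signal. All packet bodies and flow samples are constructed; the values are not from any real capture.

```python
import os
import random
import struct

# Simplified model for illustration only; this is NOT AmneziaWG's real wire format.
# A plain WireGuard handshake initiation is 148 bytes and starts with the 4-byte
# message-type field 01 00 00 00. The obfuscation is modelled as: replace that
# field with a peer-configured value and prepend a bounded amount of junk.
WG_INIT_LEN = 148
WG_INIT_HEADER = b"\x01\x00\x00\x00"
MAX_JUNK = 64  # the "no more than 64 bytes" bound the comment mentions

def plain_wg_init():
    """Constructed plain-WireGuard initiation: real type field, random body."""
    return WG_INIT_HEADER + os.urandom(WG_INIT_LEN - 4)

def obfuscate_init(pkt, header_value, junk_len):
    """Model obfuscation: swap the type field for header_value, prepend junk bytes."""
    if not 0 <= junk_len <= MAX_JUNK:
        raise ValueError("junk length outside the modelled bound")
    return os.urandom(junk_len) + struct.pack("<I", header_value) + pkt[4:]

def static_rule_matches(pkt):
    """A fixed-signature DPI rule: exact length and exact header bytes."""
    return len(pkt) == WG_INIT_LEN and pkt[:4] == WG_INIT_HEADER

def in_bounded_window(first_datagram_len):
    """What the bound leaves behind: a flow's first datagram can only be between
    a plain init packet and init + MAX_JUNK bytes long."""
    return WG_INIT_LEN <= first_datagram_len <= WG_INIT_LEN + MAX_JUNK

def window_fraction(first_lens):
    """Share of flows whose first datagram length lies in the bounded window.
    Near 1.0 over many flows is the statistical signal; one flow proves nothing."""
    hits = sum(1 for n in first_lens if in_bounded_window(n))
    return hits / len(first_lens)

def simulate(n_flows=200, seed=7):
    """Constructed samples: n_flows obfuscated inits with random junk, versus
    n_flows unrelated UDP flows with arbitrary first-datagram lengths."""
    rng = random.Random(seed)
    obf = [len(obfuscate_init(plain_wg_init(), rng.getrandbits(32),
                              rng.randint(0, MAX_JUNK))) for _ in range(n_flows)]
    other = [rng.randint(60, 1400) for _ in range(n_flows)]
    return window_fraction(obf), window_fraction(other)

if __name__ == "__main__":
    plain = plain_wg_init()
    print("static rule on plain WG:", static_rule_matches(plain))  # True
    obf = obfuscate_init(plain, 0x5A5A5A5A, 0)
    print("static rule on obfuscated:", static_rule_matches(obf))  # False
    print("window fraction (obfuscated, other):", simulate())
```

The takeaway for an egress review is the one the comment makes: a single-packet signature is useless here, and the remaining signal is a population statistic, which is why blocking unknown outbound ports and destinations is the practical control.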


  • Insofar as USA law might apply, it may be useful for you to review the legal case involving Internet Archive’s CDL program: https://en.wikipedia.org/wiki/Hachette_v._Internet_Archive

    Since the realm of copyright law is inextricably tied to the question, I’m going to try to clarify some points. Firstly, “theft” has never been the correct legal analogy for copyright infringement. That misconception comes from a false equivalency in the late 20th Century to warn would-be infringers of the steep penalties; many Americans will remember the phrase “you wouldn’t steal a car”, even though the feds cannot charge copyright infringement as theft (which requires a tangible, non-duplicable item, like car theft or wage theft).

    In the US at least, it’s illegal to stream movies you don’t own or don’t have the license to stream.

    Only the second part is correct: all copyrighted works are used per the license granted from the owner. Such a license may restrict the format in which the work is delivered, but not always. The license that accompanies physical media is: 1) irrevocable, and 2) follows the disc’s owner (recognized in USA law as the “doctrine of first sale”). So long as the disc is owned and intact, the license is good. Furthermore, under “fair use”, it is allowed to make copies of works for either: a) time shifting (ie recording a live broadcast to watch it later) or b) to change the format, aka compatibility. The latter is why it’s allowable to rip a DVD into a personal Jellyfin server. It’s valid so long as the license is still good, which applies so long as you still own/possess the disc.

    By participating in the co-op, when you stream a movie, ownership of that physical media and the digital copy is temporarily transferred to you.

    Two counterexamples come to mind, the first being the Internet Archive case that I linked earlier. The second is a Supreme Court ruling against a company that rented miniature TV receivers located in metro areas across the country. In that case, SCOTUS found that although it’s fine to rent out a TV receiver, the license for the over-the-air transmission was only valid within physical range of the signal. So conveying the TV content beyond the metro area created a copyright infringement, and the company was actively facilitating that. That company doesn’t exist anymore, due to the crushing legal liability.

    They are expensive for the library and don’t have great selection

    Most libraries are funded from a budget, and negotiate e-book and e-movie access based on an approximate estimate of concurrent users, not on a per-user basis. Otherwise, those libraries would have uncontrolled costs if everyone decides to stream Die Hard (1988) at the same time on Christmas Day; it’s definitely a Christmas film. Quite frankly, most libraries would be thrilled if more people obtained library cards and used the services, because it justifies the budget for the library and proves its value to the community.

    If you aren’t finding the content you want at your library, the best thing to do is to request what you want. Libraries are always buying new materials or access to more services. But unless library cardholders voice an opinion, the librarians will just choose generically. Be the change you want to see.

    Technologically, creating a co-op is always a possibility. But always remember that the very concept of a public library is “grandfathered” and if we had to reintroduce it, the establishment would never allow it. Cherish libraries as the crucial community resources that they are. The precise form might change, but the library role must always endure.

    TL;DR: the idea is legally unsound. Instead, buy discs to form a community library and share the discs, basically a Blockbuster co-op. Or advocate for a better public library.



  • I’m of the opinion that hashtags are one of the most egalitarian things recently devised, because they require no advanced arrangements to use, can be created by anyone, can be adopted by everyone, and are amplified solely by their enduring usage. It is very much a popularity contest if a hashtag comes into vogue or if it is abandoned and something else is used, or maybe the specific community isn’t as large as imagined. So for any given hashtag, I’d say just try it and see if it sticks. The Internet Police will not issue citations for improper hashtag use.

    As for the underlying exercise of inviting LinkedIn people to break into your homelab, I’m not sure I see their incentive to do so. Why would unsolicited people (as in, not the AI bots) have any interest in doing so? If they had the chops to break into a network, why expend that time and effort for bragging rights, when instead that sort of work is billable?

    As a general rule, I’m not thrilled when there’s an implicit assumption that other people’s labor is being valued at $0.00/hr. There’s a fine line where it might be OK to ask an expert for a bit of help or advice, but the premise of your request is to get pentest professionals to do work for no compensation, and it’s not even for a charitable, educational, or otherwise enriching purpose. Why should they?

    I’m reminded of the email exchange referenced in this blog post, where an “unbreakable” encryption scheme is presented to an audience of highly capable cryptographers, and they proceed to demolish the scheme as being wholly broken, because the person who presented it could not take no for an answer. Do not be like this person.


  • In American English (AmE) and British English (BrE), the verb “to table” is used in legislative debates. But the meaning is diametrically opposite: AmE uses the verb to mean the abandonment of a bill, analogized as though leaving it on the bargaining table to rot. Whereas the BrE verb means to introduce legislation, as in “bringing a bill to the table”.

    Both clearly share the same origin – a piece of furniture – and yet diverged as to what act is described by the word.

    Other confusion arises from the verb “to sanction” which can mean “to allow” but sometimes also “to prohibit” or “make punishable”.

    And a more modern addition in slang vernacular: “to drop”. In the context of artists, “dropping a mix tape” would mean to introduce new music. But “dropping a vocalist” means that the band has fired their singer. It would be confusing if both uses were found in the same sentence.