• 0 Posts
  • 22 Comments
Joined 1 year ago
Cake day: June 11th, 2023


  • Intrinsically/semantically no but the expectation is that the texts are encrypted at rest and the keys are password and/or TPM+biometric protected. That’s just how this works at this point. Also that’s the government standard for literally everything from handheld devices to satellites (yes, actually).

    At this point one of the most likely threat vectors is someone just taking your shit. Things like border crossings, rubber stamped search warrants, cops raid your house because your roommate pissed them off, protests, needing to go home from work near a protest, on and on.


  • RF analysis is kinda difficult, you’d need to take the car out into the middle of nowhere and have access to fairly good equipment. A tinySA would maybe work if you’re very patient but data transmissions are generally very bursty so it may be difficult to nail down where it’s coming from in a sane amount of time.

    One option would be to try to figure out if there are any FCC filings for your car. All filings will have pictures of whatever module is being used and what antenna systems it uses which may give you a good idea of where it is and what it looks like. There should be an FCC ID mentioned somewhere at the beginning or end of the car’s manual. Googling that should bring up some stuff.








  • Yeah I’m becoming increasingly nervous with the blue states systematically trying to disarm everyone and the red states are trying to whip everyone into a traitorous frenzy over the dumbest shit while arming everyone with a pulse.

    Otoh, and this probably sounds absolutely fucking nuts, I’ve found republicans tend to understand “strength” and they are strangely respectful of liberal and leftist gun owners because that’s a dynamic they can comprehend. It’s not a good state of affairs but it’s better than them believing they can just run things because they’re the only ones with “strength”



  • Yeah the security angle gets parroted a lot, I’d call it more of a bad practice thing than an “omg you’ll definitely get haxxord”.

    Otoh USB C as a spec is sort of necessarily a nightmare. It’s not hard to end up with shitty devices that’ll gleefully provide 20V when the system expects 5V and even if it’s just USB A, it’s not that hard to end up with 120/240V going straight into your phone.

    At least with devices you own and control you know if they’re melting things and haven’t spent their lives being kicked/spilled on/cleaned with corrosive solvents or just generally old as hell and unmaintained.

    Personally I bring my own because it’s faster and more reliable, and I have trust issues.



  • The technical term is “dummy load”, most antennas are around 50ohm “impedance” which in an incredibly roundabout way means the antenna is indistinguishable from a 50ohm resistor at whatever frequency it’s tuned to…which means you can replace the antenna with a 50ohm resistor.

    This all assumes you care about leaving the radio functional (radio amplifiers will burn up if they can’t dissipate the energy they’re creating) and in most cases it’s probably fine to just cut the trace as close to the source chip as possible. That said, if the system is especially evil and well engineered it’ll throw errors in some cases so better to leave everything functional but unable to hear or transmit.


  • I suppose there’s nothing wrong with it when the file is at rest, it looks like zip uses AES 128 or 256 which are adequate if you have a very strong password for the encryption. Ideally the encryption would feature a computationally intensive algorithm to slow guessing attempts when attempting to decrypt so you probably don’t want to use a weak password.

    Usability won’t be great, you’ll be copy pasting constantly and that presents an opportunity for malware to spy on the paste buffer and steal your passwords but it’s a low to medium severity issue.

    If you want to keep everything local I’d recommend KeePass, it’s free, open source, and very strong. It’s kinda the same thing but with the ability to insert passwords directly in some cases and can do more to keep everything organized.

    If you want to use this in environments where you can’t install anything on the systems but don’t want anything online, this is probably acceptable though.
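
An added example, not part of the comment above: it measures how the key-derivation work factor and password entropy together set the cost of guessing against an encrypted archive at rest. The 1,000-iteration PBKDF2-HMAC-SHA1 setting matches the WinZip AES format; the 600,000 figure and the sample password shapes are assumptions chosen for comparison.

```python
import hashlib
import math
import os
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def derive_key(password: str, salt: bytes, iterations: int, length: int = 32) -> bytes:
    """Stretch a password into key material with PBKDF2-HMAC-SHA1."""
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations, dklen=length)

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a password drawn uniformly at random from the alphabet."""
    return length * math.log2(alphabet_size)

def derivations_per_second(iterations: int, trials: int = 3) -> float:
    """Measure how many key derivations one CPU core completes per second."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(trials):
        derive_key(f"guess-{i}", salt, iterations)
    return trials / (time.perf_counter() - start)

def years_to_search(bits: float, rate: float) -> float:
    """Average time to cover half the password space at `rate` derivations/second."""
    return 2 ** (bits - 1) / rate / SECONDS_PER_YEAR

if __name__ == "__main__":
    # Constructed cases: (label, alphabet size, number of symbols)
    passwords = [("8 lowercase letters", 26, 8),
                 ("12 mixed-case letters + digits", 62, 12),
                 ("6 diceware words", 7776, 6)]
    for iterations in (1_000, 600_000):  # assumed low and high work factors
        rate = derivations_per_second(iterations)
        print(f"{iterations} iterations: {rate:,.0f} derivations/s on this core")
        for label, alphabet, length in passwords:
            bits = entropy_bits(alphabet, length)
            print(f"  {label}: {bits:.1f} bits, ~{years_to_search(bits, rate):.3g} years")
```

The measured rate is for a single CPU core, so treat the printed years as an upper bound when sizing a passphrase; the entropy figures only hold for passwords chosen at random.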






  • I’m not intimately familiar with the BCM2711 but I believe it’s a reasonable, albeit somewhat overpowered, processor for the application. It can be put into a variety of low power states and probably pulled out of sleep by various events like the GSM chip sending packets or accelerometer motion (frequently the peripheral chips have dedicated “wakeup” pins that you can wire to interrupts). It’s not the most cost effective option by far, there are sub $5 microcontrollers with multiple cores for handling communications and real time motor control concurrently but you’d need to hire someone like me for a few months @$200/hr to write the low level drivers and design the boards. The rpi lets random web-only devs fumble their way through hardware development using whatever GitHub Python libraries they can find. If you only need a hundred scooters it makes more sense to just yolo it and buy up the remaining supply of rpis to start your grift.