Nice! Those AllWinner boards are a little tricky to get going and have some quirks, but the price is great for the extra horsepower you get. Granted, I use the latest Armbian since the manufacturer’s images are all quite old.

130GB for the entire thing? And the pi doesn’t choke on indexing / searching it?

That was my thought. I knew it couldn’t hold it in RAM but thought it would be doing crazy IO and limited by being on SD, but it seems to not be a problem. Like I said, I don’t know how ZIM does it, but it does it well. Must have some kind of index that lets it fast travel to the correct blocks or something. I dunno lol.

how capable is the search engine (I assume it has one?)

Yep, it has search. It’s…okay but kind of primitive. It’s not slow, and if you’re searching for something that’s fairly unique (as far as keywords go), it does well. But if you’re searching something like an acronym where it shows up as a regular word in other entries, it’s a lot more hit or miss.

Yep, and I love it.

I’ve got a little Banana Pi M4 Zero (PiZero form factor but much more powerful and with 4 GB RAM) loaded up with, among other useful tools, Kiwix and the full Wikipedia dump. I just refreshed it with the 2026-02 full dump, so I’m caught up for the year. I’ve also got a lot of other offline docs loaded up (React, Bun, and the devdocs for several libraries I use) and it’s nice to have local copies of those instead of googling every time.

Surprisingly, the full ~130 GB Wikipedia dump works fine on a regular Pi Zero 2 with 512 MB RAM. I don’t know how ZIM works but it does work very very well.

Yeah, that’s what I’ve got, and I really like it.

I’m in the same boat. Got all the equipment in for my whole house solar installation and will be re-routing circuits to the new panel as soon as I have time so will have to turn all the power off for the duration of that.

I’ve got an Anker power station that should run my stack for about 4-4.5 hours by itself and can run it indefinitely while the sun is out while hooked into the PV panels. Those are (currently) independent from the new installation I’m about to start.

My UPS’s are also LiFePO4 models and can add an additional ~45 minutes of uptime. So hopefully 5 hours is enough to avoid having to shut anything down.

Not sure of the actual name, but they’re like wire nuts but crimped instead of twist. I don’t think there’s a non-destructive way to undo them but you may be able to rip the wires out and use a regular wire nut to splice them back. If not, try cutting them as far inside as you can and replacing with another crimp connector or use a screw type wire nut.

I get that it isn’t the same but when all you have is a garbage version of a memory, I’m not sure or really matters whether the representation is the original garbage or something that makes you feel less regret over not having something better.

In my experience, the worse the photograph the better my memory of it. Probably because my mind is already used to filling in the blanks in the garbage version, so it’s constantly refreshing the memory in my mind to keep it vivid. YMMV obviously. I’m also not much of a shutterbug and prefer to commit moments to memory than try to fight with my phone to snap a photo I’ll probably never look at.

Looks promising, thanks. Gonna download and play around with it now.

You’d think the standard PDF viewers in Linux (Okular, etc) would at least show you alt text but nope. Seems like a huge omission.

Unfortunately, that seems to only work when exporting from a LibreOffice doc. What I’m having to deal with are PDFs generated by various staff already in PDF format.

I was surprised by that, too. When I went looking for a way to decode them with RTL-SDR, I assumed it wouldn’t be parsing the audio but a narrowband data stream. TIL also.

Edit: It does kind of make sense with it being AFSK encoded in-band, though, or maybe I’m just so used to it being that way. I always thought the screeches were there to demand attention (and also be something that headend equipment can pick up and respond to). So it’s interesting they’re doing double duty as both an unmistakable audio cue to pay attention as well as containing the actual alert data.

Plus there are NOAA stations all over the country rather than centralized like the time signal transmitters. It was probably cheaper to do it in band at that scale.

That’s what I’ve done for years. Makes managing things much easier, and I run multiple APs (all with the same SSID/PSK) and you can just roam to the best one. One upstairs, one downstairs, one in the weird dead zone in my office, and one on the back patio (it’s not hardwired and uses the mesh connection for uplink).

These are all old Aruba APs running OpenWRT but that’s the plan for this Cudy Model. I may pick up a few more and just replace all of my trusty but very old Arubas.

I bought this one last month when it was on sale for $39: https://www.amazon.com/dp/B0BRK3CYY3

Haven’t deployed it yet, but it’s fully supported by OpenWRT. I would only be using it as an access point, though. My router is a USFF Optiplex with an extra NIC and runs OpenWRT.

My standard is “Fast Draw”. F-Droid

The only limitation is you can only have one widget. So if your home screen is typically widget-heavy, this probably isn’t for you.

It also only sorts apps alphabetically, but that’s how I like it, so isn’t an issue for me.

Yep, that’s the one.

I’ll reserve a phone but not a truck, lol. Looks like those are scheduled to be out late 2026, so probably at least next year before I can even think about getting my hands on one.

At least it’s still a thing.

I used to drive a 2004 Ranger and loved it. Would absolutely love an EV version even if the range isn’t super great. Mostly need a truck occasionally and for hauling stuff from the home improvement store or if I find furniture at a garage sale or something.

Need to check and see if that $20,000 no-frills EV truck is making any progress.

And the auto-submitting TOTP entry form where you’re apparently not allowed to make a typo. And obscuring the TOTP number like it’s a password or state secret.

Solutions that work for a corporate application where all the staff know each other are unlikely to be feasible for a publicly available application with thousands of users all over the world

This is something of a hybrid. There will be both general public users as well as staff. So for staff, we could just call them or walk down the hall and verify them but the public accounts are what I’m trying to cover (and, ideally, the staff would just use the same method as the public).

Figure if an attacker attempts the ‘forgot password’ method, it’s assumed they have access to the users email.

Yep, that’s part of the current posture. If MFA is enabled on the account, then a valid TOTP code is required to complete the password reset after they use the one-time email token. The only threat vector there is if the attacker has full access to the user’s phone (and thus their email and auth app) but I’m not sure if there’s a sane way to account for that. It may also be overkill to try to account for that scenario in this project. So we’re assuming the user’s device is properly secured (PIN, biometrics, password, etc).

If you are offering TOTP only,

Presently, yes, but we’re looking to eventually support WebAuthn

or otherwise an OTP sent via SMS with a short expiration time

We’re trying to avoid 3rd party services, so something like Twilio isn’t really an option (nor Duo, etc). We’re also trying to store the minimum amount of personal info, and currently there is no reason for us to require the user’s phone number (though staff can add it if they want it to show up as a method of contact). OTP via SMS is also considered insecure, so that’s another reason I’m looking at other methods.

“backup codes” of valid OTPs that the user needs to keep safe and is obtained when first enrolling in MFA

I did consider adding that to the onboarding but I have my doubts if people will actually keep them safe or even keep them at all. It’s definitely an option, though I’d prefer to not rely on it.

So for technical, human, and logistical reasons, I’m down to the following options to reset the MFA:

1. User must contact a staff member during business hours to verify themselves. Most secure, least convenient.
2. Setup security questions/answers and require those after the user receives an email token (separate from the password reset token). Moderately secure, less convenient, and requires us to store more personal information than I’d prefer.
3. Similar to #2 except provide their current password and a short-term temporary token that was emailed to them when they click “Lost my MFA Device”. Most convenient, doesn’t require unnecessary personal info, possibly least secure of the 3. Note that password resets require both email token and valid TOTP token, so passwords cannot be reset without MFA.

I’m leaning toward #3 unless there’s a compelling reason not to.

I thought about generating a list of backup codes during the onboarding process but ruled it out because I know for a fact that people will not hold on to them.

That’s why I’m leaning more toward, and soliciting feedback for, some method of automated recovery (email token + TOTP for password resets, email token + password for MFA resets, etc). I’m trying to also avoid using security questions but haven’t closed that door entirely.

Personally, I love that layout.

I’m always at a loss for what to put up as wall decorations, and I hate rats nests of cables. Win-win!

New U.S. rules will soon ban Chinese software in vehicle systems that connect to the cloud

Seems to me that the easiest way to get into compliance would be to not make the car connect to the cloud/internet. I’m gonna drive my 2017 model until I can buy a new car that isn’t a smartphone on wheels.