• 0 Posts
  • 37 Comments
Joined 7 months ago
Cake day: November 2nd, 2024


  • That’s even worse. An almost literal in-house drive-by. It’s not bloody hard to see potential problems.

    This computer has a strange doo-hickey poking out of it that I know nothing about. Maybe I shouldn’t just slap a new OS on it. Nah fuck it. Need to meet planned quota. Send it and run lol.

    There’s a reason our PCB pick’n’place machines run Windows XP. And why that ‘Y2K compliant’ lathe over there is rocking '98. And why that tyre balancing machine at the shop over the road is in the same boat.


  • Bad IT.

    I remain thankful that Win11 is fussy about what it will install on. It needs at least:

    • UEFI boot mode & GPT partitioning of the disk
    • TPM 2
    • Secure Boot capability

    Nixing any one of these will prevent an automatic upgrade, regardless of what group policy etc is in place. On a bunch of new Win10 builds from a while ago, I set them up as CSM/MBR and turned off the TPM in BIOS. Absolutely no chance of surprises there, even if I accidentally mark a machine for upgrade.

    My network is small though, < 50 clients. When the bullet must be bit, I have the time to add the client to the ‘will upgrade’ AD group & go over things with the user(s). Then run through converting MBR to GPT, switching to UEFI and enabling the TPM again.

    After that it takes care of itself and pulls down a load of QoL fixes post-upgrade.

    I don’t think you’re the first nor will you be the last to be smacked with a driveby install that fucks up your equipment, sadly :(


  • Aftermarket OS options are getting better as time goes by, which is nice. Come a long way since the old CyanogenMod days.

    But yeah, Sammy won’t be keeping the bones patched beyond what they already have. The risk for me is acceptable, and preferable to shelling out for new hardware every few years. It works and I’m not too stupid with it.



  • I don’t think I’ve used a microSD in a phone for about 6+ years now, so I couldn’t really care less. Not a photographer and I don’t travel enough to need so much offline media on the go. Just a few albums for the commute.

    Still using an old Galaxy S10 and appreciating the 3.5mm jack though.


  • On Dell server hardware with the right cards/licensing, you can remove the need for physical access to the server to input an FDE password by leaning on iDRAC. This provides access to the console remotely during the boot process (and thereafter).

    Alternatives exist that supposedly do the same thing, but I’ve never had to try them. AirConsole, PiKVM, BliKVM etc.

    You can keep this interface unexposed by using wireguard to dial in when you’re away, as per your original thinking. Just make sure the endpoint isn’t on the server you’re rebooting…





  • A third, and hopefully final, attempt at getting an iRedMail setup going. SPF, DKIM & DMARC all checking out fine. It’s actually working this time. Need to get the ISP to change our PTR record though, last bit of the puzzle.

    Also picked up a used Netgate device, so we now have pfSense fronting everything. That’s allowed me to move the original router to a better location and put it in AP mode.

    Emby media server moved off a Synology and into a Proxmox container. Finally, we can stream high def with the hardware acceleration we weren’t getting before.



  • I run a split environment. Main router is set up ‘normally’ with what other people in the house and visitors would expect.

    Attached to that is a Pi running an OpenVPN client and a hostapd server that broadcasts a separate WiFi network. iptables rules on the Pi are set to only ever allow Internet traffic through the VPN as a kill switch (except for OpenVPN itself, to prevent a chicken-and-egg situation), and any WiFi clients connected via hostapd are routed through it.

    A script occasionally changes the VPN endpoint to keep it interesting. This Pi also acts as a qBittorrent client that stores downloads to a local NAS.

    It’s a best of both setup that has been stable for over 5 years now.
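The kill switch described in the comment above, written out as an added example; this is not the commenter's own script, and every interface name, subnet and endpoint address in it is a hypothetical placeholder. It shows the two rules that matter: the single pre-tunnel exception for the OpenVPN handshake itself, and the absence of any wlan-to-WAN forward rule so that clients get nothing when tun0 disappears. It also avoids a blanket ESTABLISHED accept on OUTPUT, which would otherwise let the Pi's own existing flows fall back onto the WAN when the tunnel drops, and closes ip6tables so a v4-only VPN cannot leak over v6.

```shell
#!/bin/sh
# Added example, not the commenter's own script: iptables kill switch for a Pi that
# runs an OpenVPN client plus a hostapd access point. Wi-Fi clients can only reach
# the Internet through the tunnel; if tun0 goes away, they get nothing.
# Interface names, subnet and endpoint below are hypothetical placeholders.
set -eu

WLAN_IF="${WLAN_IF:-wlan0}"                # hostapd network
WAN_IF="${WAN_IF:-eth0}"                   # uplink to the house router
VPN_IF="${VPN_IF:-tun0}"                   # OpenVPN tunnel
LAN_NET="${LAN_NET:-10.8.8.0/24}"          # subnet handed out on the Wi-Fi side
VPN_SERVER="${VPN_SERVER:-203.0.113.10}"   # current endpoint (constructed RFC 5737 address)
VPN_PORT="${VPN_PORT:-1194}"
VPN_PROTO="${VPN_PROTO:-udp}"
IPT="${IPT:-iptables}"                     # set IPT=echo IP6T=echo for a dry run
IP6T="${IP6T:-ip6tables}"

kill_switch_rules() {
    $IPT -F
    $IPT -t nat -F
    # Default deny in every direction: the Pi itself as well as forwarded traffic.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP

    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    # Inbound replies are fine; outbound "ESTABLISHED" is deliberately NOT accepted
    # wholesale, or an existing flow would follow the default route onto eth0 the
    # moment tun0 drops. Outbound is only ever allowed per interface below.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Wi-Fi clients may talk to the Pi for DHCP and DNS only; the Pi may answer them.
    $IPT -A INPUT -i "$WLAN_IF" -p udp --dport 67 -j ACCEPT
    $IPT -A INPUT -i "$WLAN_IF" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
    $IPT -A INPUT -i "$WLAN_IF" -s "$LAN_NET" -p tcp --dport 53 -j ACCEPT
    $IPT -A OUTPUT -o "$WLAN_IF" -j ACCEPT

    # Management from the house LAN (SSH only), so a dead tunnel doesn't lock you out.
    $IPT -A INPUT -i "$WAN_IF" -p tcp --dport 22 -j ACCEPT
    $IPT -A OUTPUT -o "$WAN_IF" -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT

    # The chicken-and-egg exception: the OpenVPN handshake must leave via the WAN,
    # but only to the current endpoint. Re-run this after rotating endpoints, and
    # use an IP here: a hostname would need DNS before the tunnel exists.
    $IPT -A OUTPUT -o "$WAN_IF" -p "$VPN_PROTO" -d "$VPN_SERVER" --dport "$VPN_PORT" -j ACCEPT

    # Everything else the Pi originates (resolver pushed by the VPN, the torrent
    # client, package updates) goes out the tunnel or not at all.
    $IPT -A OUTPUT -o "$VPN_IF" -j ACCEPT

    # Wi-Fi clients are forwarded into the tunnel only. There is deliberately no
    # wlan -> WAN rule, so nothing bypasses the VPN when tun0 is down.
    $IPT -A FORWARD -i "$WLAN_IF" -o "$VPN_IF" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$VPN_IF" -o "$WLAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$VPN_IF" -s "$LAN_NET" -j MASQUERADE

    # A v4-only VPN leaks v6 if ip6tables is left open; close it outright.
    $IP6T -F
    $IP6T -P INPUT DROP
    $IP6T -P FORWARD DROP
    $IP6T -P OUTPUT DROP
    $IP6T -A INPUT -i lo -j ACCEPT
    $IP6T -A OUTPUT -o lo -j ACCEPT
}

# Usage: sh killswitch.sh apply   (as root). Without "apply" the rules are only defined.
case "${1:-}" in
    apply)
        sysctl -w net.ipv4.ip_forward=1 >/dev/null
        kill_switch_rules
        ;;
esac
```

Two caveats a practitioner would check before trusting this: the Pi's own resolver must be the one pushed by the VPN (anything else is simply dropped by the OUTPUT policy, which is a loud failure rather than a leak), and the endpoint-rotation script has to re-apply the rules with the new address or the next handshake will be blocked by the kill switch it is meant to protect.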