Hacker News: mik3y's comments

Could a supply chain attacker simulate an advisory-remediating release somehow, i.e., abuse this feature to bypass cooldowns?


Of course. They can simply wait to exploit their vulnerability. If it is well hidden, then it probably won't be noticed for a while and so you can wait until it is running on the majority of your target systems before exploiting it.

From their point of view it is a trade-off between volume of vulnerable targets, management impatience and even the time value of money. Time to market probably wins a lot of arguments that it shouldn't, but that is good news for real people.


Yes, seeing periodic 5xx errors (though eventually succeeds).

Interestingly `bun upgrade` catches "GitHubIsDown" as a specific case:

    $ bun upgrade
    Bun v1.2.20 is out! You're on v1.2.18
    Downloading [38003/21788202] Bun upgrade failed with error: GitHubIsDown
    
    Please upgrade manually:
      curl -fsSL https://bun.sh/install | bash
(Appears to have been triggered by a 503 for https://github.com/oven-sh/bun/releases/download/bun-v1.2.20...)


That's hilarious. GitHub going down is definitely a common enough case to flag. It's been better the last six months or so, but still pretty bad. Half the incidents aren't flagged either.


Ugh, you gave me bad flashbacks of the same committee.

I tried to re-license a previously-released project (like from GPL to MIT or similar) and they wouldn't budge. I had written all the code.

In the end, I decided that them suing (or firing) me to assert their ownership of $VALUELESS_PROJECT, so they could then license it back, was ridiculously unlikely, said fuck it, and did it. And I was right.


the problem isn't your risk, the problem is the risk of the users of the project. if the code is owned by the company, your re-licensing isn't legal, and that could put other companies using it at risk.


Right, but, they never owned it, and would never attempt to assert that. So in hindsight (and similar to GP) compliance was a worse and more frustrating option than simply never mentioning things.


A very well-written and persuasive critique, thank you for it.

(And god I hope you’re not a state-of-the-art summarization LLM.)


Thought this was going to be an mmWave sensor with an "AirBnB host friendly" UI of some sort.. turns out it's just a network sniffer? Seems.. defeatable.

    > How it Works
    > 
    > Party Squasher uses the presence of mobile phones
    > as a proxy for the presence of people.  You start by
    > connecting our small sensor to your property’s internet
    > router. [...]


Sounds like it's an 802.11 monitor mode packet sniffer, recording probe requests (which have a MAC address associated with them). Connecting to the internet is probably just to hook up to their cloud service.

Defeatable by airplane mode/wifi off/phone off, sure.
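As an added example (not code from the thread, and not Party Squasher's own implementation, whose internals are unknown): a minimal Python model of the mechanism this comment describes, i.e. counting distinct source MAC addresses from 802.11 probe requests within a time window. It assumes raw management frames with no radiotap header and a fixed "present" window; the frames and timestamps are constructed test data, not a capture. It also flags locally-administered (randomized) addresses, since those make a per-MAC count an unreliable estimate of people.

```python
"""Probe-request presence counter (added example, constructed data).

Assumes raw 802.11 management frames without a radiotap header and a
fixed sliding window for "present". Not the product's real code.
"""
import struct
from typing import Dict, List, Optional, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"
# Frame Control byte 0: subtype=4 (probe request), type=0 (management), version=0
PROBE_REQUEST_FC = 0x40
MAC_HEADER = "<BBH6s6s6sH"  # FC, flags, duration, addr1, addr2, addr3, seq ctrl


def _mac_to_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def _bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_probe_request(src_mac: str, ssid: str = "", seq: int = 0) -> bytes:
    """Build a minimal probe request frame (constructed test data)."""
    header = struct.pack(MAC_HEADER, PROBE_REQUEST_FC, 0, 0,
                         _mac_to_bytes(BROADCAST), _mac_to_bytes(src_mac),
                         _mac_to_bytes(BROADCAST), seq << 4)
    ssid_bytes = ssid.encode()
    body = bytes([0, len(ssid_bytes)]) + ssid_bytes          # SSID element (tag 0)
    body += bytes([1, 4, 0x02, 0x04, 0x0B, 0x16])            # Supported Rates (tag 1)
    return header + body


def parse_probe_request(frame: bytes) -> Optional[Tuple[str, str]]:
    """Return (source MAC, requested SSID) or None if not a valid probe request."""
    if len(frame) < 24:
        return None
    fc, _flags, _dur, _a1, a2, _a3, _seq = struct.unpack(MAC_HEADER, frame[:24])
    if fc != PROBE_REQUEST_FC:
        return None  # beacons, data frames, etc. are ignored
    body, i, ssid = frame[24:], 0, ""
    while i + 2 <= len(body):  # walk the tagged information elements
        tag, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) < length:
            return None  # truncated element: reject rather than guess
        if tag == 0:
            ssid = value.decode("utf-8", errors="replace")
        i += 2 + length
    return _bytes_to_mac(a2), ssid


def is_locally_administered(mac: str) -> bool:
    """Bit 1 of the first octet set => locally administered (typically randomized)."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def count_present(captures: List[Tuple[float, bytes]], now: float,
                  window: float = 300.0) -> Dict[str, int]:
    """Count distinct probing MACs seen within `window` seconds of `now`."""
    seen: Dict[str, float] = {}
    for ts, frame in captures:
        if now - ts > window:
            continue  # stale: device not considered present any more
        parsed = parse_probe_request(frame)
        if parsed is None:
            continue
        mac, _ssid = parsed
        seen[mac] = max(seen.get(mac, ts), ts)
    randomized = sum(1 for m in seen if is_locally_administered(m))
    return {"devices": len(seen), "stable": len(seen) - randomized,
            "randomized": randomized}


# Constructed sample capture: (timestamp, frame)
SAMPLE_CAPTURE = [
    (1000.0, build_probe_request("00:11:22:33:44:55", "HomeWifi", 1)),
    (1005.0, build_probe_request("00:11:22:33:44:55", "", 2)),    # same phone again
    (1010.0, build_probe_request("da:a1:19:00:00:01", "", 7)),    # randomized MAC
    (1012.0, build_probe_request("00:aa:bb:cc:dd:ee", "CoffeeShop", 3)),
    (100.0, build_probe_request("00:de:ad:be:ef:00", "", 9)),     # outside the window
    (1013.0, b"\x80\x00" + bytes(22)),                            # a beacon, ignored
]

if __name__ == "__main__":
    print(count_present(SAMPLE_CAPTURE, now=1015.0))
```

The "randomized" count is the caveat a defender would want: modern phones usually probe with locally-administered addresses that change over time, so a per-MAC count can drift away from the number of people, in either direction, and a threshold alert built on it needs some tolerance.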


As you note, it would be defeatable by putting your phone into airplane mode. However, if you're having a party with 30 people, I doubt you'll be able to get a majority of them to turn off their phones. If the owner gets ping'd if there are more than 10 people, I think it'd be hard to get 20 out of 30 people to turn off their phones before entering the party. Even if they turn it off after arriving, the box might have already registered that the device was there. I think enough people would think "what's the harm" or "I don't want to miss texts from people" that it would be hard to get people to comply with turning off their phones.


Phone off maybe. Android still uses Wifi when Wifi is turned off, as part of its location tracking service. I loathe it. Btw if you toggle location off enough times, Android will eventually stop nagging you about it.

Let me use my device the way I want you f--- creeps!


I thought there was a separate wifi scanning setting for that behavior?


Yeah, you can turn off the setting that makes it so turning wifi off actually does that instead of leaving it on but telling you and your apps that it's off.

I could live with that, but what really chafes my bits is how your apps can't get so much as an NMEA string without you turning the creepy tracking telemetry that pipes data on all the SSIDs and Bluetooth beacons around you back to the mothership back on. And having Location turned off breaks many apps for no good reason.


I wonder if you could trigger false alarms at will. At what point would the owners stop responding?


Or just cover the box with aluminum foil and keep your phones on…


I've been interested in doing this as a side project too, ever since "unwiring" my jeep in a similar fashion (rip out modem).

My quick-and-dirty idea was to stand up a Discourse forum with categories for each make, threads for each model (or possibly model + model year range pairs).

If anyone wants to collaborate / provide some extra motivation, hit me up..


I refer back to your exact blog post every 6 months or so to see how (or if) its various issues have been smoothed out, and whether I should recommend it in a new build. Thanks much for keeping your post up-to-date!


0.5% -> 0.7% = 40% increase in fees, for affected customers.

(edit: 0.7% not 0.8%)


I would phrase that as a 0.3% increase in fees.


It’s a 60% increase in fees.

It’s a 0.3 percentage point increase in fees.

The former is important because it reflects the cost increase customers will face. Their costs don’t increase by 0.3%, they increase by 60%

(Except I don’t think any of the comments in the thread have properly quoted TFA… isn’t it increasing to 0.7%?)


You would phrase it incorrectly then? That's 0.3 percentage points, but 60%


Doesn’t the % symbol mean percentage points?

A fee changing from 0.5% of a transaction to 0.8% of a transaction is increasing by 0.3%.


No, the % symbol means percent


I thought percent, percentage, and percentage points are all the same thing.


Well today's an excellent day to learn something new :D

This wiki page has more info on the difference between percentages and percentage points: https://en.wikipedia.org/wiki/Percentage_point


Thanks!


And thank you for admitting you didn’t know something rather than digging your heels in :) Shows a lot of courage and willingness to grow and learn.


It’s more a matter of interpretation than correctness. If we’re not being deliberately obtuse, “absolute” and “relative” would go a long way toward disambiguation here.


In case you're interested, there's a fascinating recent book about the effects roads & road development have on their surroundings (and the planet at large): _Crossings_ by Ben Goldfarb [1]

[1] https://www.bengoldfarb.com/crossings


Lovely read, and great to see a happy ending - I remember your previous blogs here.

As a sometime-bootstrapper and having failed at a previous hardware startup, I can relate to many of the emotions you narrated through. It may be too early, but my biggest curiosity is whether you think you will bootstrap something again?

(In my case, after the hardware business and some time off, I found that taking a swing at a “pure software” idea was the right balance for me, after the considerable challenges and occasional joys of building physical things..)


Thanks for reading!

>you think you will bootstrap something again?

Yes, definitely. Not hardware again because I think getting to the scale where you can use external vendors is so difficult and risky that it requires more specialized hardware expertise or VC backing.

I'm going to start with educational products because I liked my brief experience with that and never had time during TinyPilot, but I'd eventually like to build a SaaS that I can grow in a calm, sustainable way.

