Hacker News new | past | comments | ask | show | jobs | submit | reedlaw's comments login

This was mostly about making a silicon wafer. This video shows more detail on the rest of the process in a home lab: https://www.youtube.com/watch?v=IS5ycm7VfXg (blog here: http://sam.zeloof.xyz/second-ic/)


Do you have a guide or any tips on how to do this?


It's called PXE boot.

You need a server to host the ISO (via http/ftp/tftp or whatever you prefer) and a DHCP server that will distribute the ISO URI to the client.

Configure the client to boot from the network in the bios and put it in the same LAN as the dhcp server.

That's the gist of it.


Raspberry Pi's don't use PXE boot, they have their own proprietary system. The kernel is fetched by TFTP, along with a config text file which species an NFS location to mount as root. Boot then continues from there.


It would likely be similar to gaming on Linux but with the limitations of ARM-only and OpenGL ES 3.1 or Vulkan 1.2. [1]

What would be more interesting is an open source micro-kernel and gaming SDK targeting Raspberry Pi.

1. See https://www.pcgamingwiki.com/wiki/List_of_Linux_ARM_games


I think it could avoid some of the issues with gaming on linux because you could focus in on a unified platform and if there was a gaming SDK targeting the pi we might see orginal games being made as opposed to just ports.

Also what exactly would a micro-kernel entail? I'm much more familiar with game development than os development.


Most Raspberry Pi Linux distros take around 10 seconds to boot. It can be made faster by using a tiny distribution or something like https://www.linuxfromscratch.org/ but it would be nice to find an OS geared towards gaming.


> OpenGL ES 3.1 or Vulkan 1.2.

Weird that it doesn't have the full OpenGL, even if it was through Zink.


I would gladly use my Pixel 4a (5G) another few years but its support ends in two months [1]. Even though I run GrapheneOS, the open source community is not capable of maintaining firmware, kernel and vendor code [2].

1. https://endoflife.date/pixel

2. https://grapheneos.org/faq#legacy-devices


Fwiw LineageOS has historically supported various Pixels for many years longer*, eg. the Pixel 2 (2017) which has been updated to Android 13[1]. GrapheneOS on the other hand only supports devices for as long as the manufacturer provides official updates from what I understand.

* Subject to of course willing volunteers.

[1] https://wiki.lineageos.org/devices/walleye/


It should be noted that some security vulnerabilities, such as firmware blobs and binary blob drivers, can't be fixed by LineageOS. Certain Broadcom WiFi chipsets had RCE vulnerabilities in them, for instance, and these devices also run an entirely separate Linux install on the modem chip that rarely receives updates, if ever.

While LineageOS can easily extend a phone's lifetime by several years, it's not a real replacement for manufacturer support. I think GrapheneOS's take makes sense, especially for a security-oriented ROM.


Mmm, for this reason it's worthwhile keeping an eye out for firmware-level issues in case the device is outside the OEM supported range. Eg: CVE-2020-11292[1] which affected Qualcomm chips.

[1] https://www.bleepingcomputer.com/news/security/qualcomm-vuln...


That's still a local privilege escalation type of vulnerability, isn't it?


Do you know what the attack vector is for exploiting an outdated phone? Asking because I really do not want to get rid of my Pixel 5 in one month.


In at least one instance, Google's Project Zero found an RCE vulnerability that could be triggered by just being nearby.

More common exploits target things like the GPU drivers. They require code execution on the device (i.e., an app you've downloaded) but they can be an easy path to root access for attackers targeting specific devices.

Realistically, people use phones long beyond their official software support lifetime. Plenty of unhacked phones going around still running Android 8. Android's fragmentation makes it hard to write a one-size-fits-all exploit chain like on you can on iOS.

Just make sure to only run apps from sources you trust and to update your browser, and I'm sure you should be fine for another few years.

If you want to, you can run ROMs like LineageOS. They won't fix the binary blobs, but they'll patch the open source version of Android and keep you up to date in that regard. My phone stopped receiving updates after an Android 11 update and now it's running last week's Android 13 build, patching a whole bunch of Android runtime vulnerabilities. Many phones in use today are vulnerable to a zero-click Bluetooth exploit that would be fixed by installing LineageOS or something similar to that. The newer Android version also provides me with all of the privacy improvements that have been made in Android 12 and 13. I'm hopeful that it'll run Android 14 as well, though depending on a volunteer project isn't a guarantee of course.

In theory my phone could probably be hacked quite easily though the outdated GPU drivers, but in practice I don't think I'm at that great a risk unless I try to start pirating games or something.


I agree it's a shame that Google didn't do a better job with the older Pixel devices.

It's worth noting, however, that all of their newer flagships (based on a CPU design they have more control over) have guaranteed security updates for 5 years after release.

FWIW I despise Google and do my absolute best to avoid compensating them, but I do think things like their guaranteed security updates are a step in the right direction, and hopefully we can only get further improvements from here.


5 years is too short, it means we need to buy at very least 10 brand new phones from 15yo to 60yo (oldies also need security updated right ?). We need a pocket device that do clock, agenda, media player, camera, web browser and obviously phone. Apps are great but can be replaced with on/offline sites. We’re going in a direction that sacrifice users and resources sustainability in favor of the economy.

I’m not against economy but it should be a tool to empower humanity, not the opposite.


Yes, I agree. In my perfect world, a company is legally required to support ALL products they have ever sold, for an unlimited period of time.

There would still be warranty periods. But the company would be required to indefinitely continue selling replacement parts, provide repair services (or support third party repair services with manuals, schematics, etc), issue security updates for critical vulnerabilities, etc.


wait, no phones for 70y olds :)?


> Pixel 5 Updates [...] Ends in 1 month and 2 weeks

No way am I getting rid of my Pixel 5 in a month, it still runs like a champ. Can anyone tell me realistically what are the risks of running a phone without security updates? If it's worth anything, I almost exclusively run FOSS apps from F-Droid.


Same boat. Feels like I bought my Pixel 5 yesterday and it feels like new, no way I'm going to trash it. It's unlikely I will buy (or recommend) another Pixel if they don't extend the security updates period.

Wonder why it is so short: is support that expensive for many models? or simply to force users into unneeded upgrades (F* that).


I got my Pixel 5a based on an erroneous assumption of five years of support, I see EOL for support in 2024, which is only 3 years past release!


Oh yes, and when support ends it's practically impossible to use a phone.

I've never understood people talking about "support", still rocking a 7 year old phone (have changed the battery) with fairly recent lineageos. Only really use floss apps though and don't browse weird sites.

I use a computer for serious stuff.

If you really cared about waste you could a) not buy a phone with limited support if for some mystical reason you care for that or b) find ways to use the phone without support.


I have no plans to stop using my Pixel 3 running Android.


Got rid of mine, they kept being hacked with grapheneOS installed, but even previous samsung android phones were also being hacked.

When you are being targetted, you soon find out that these big and small businesses cant save you from criminals.


Have you checked your CO detectors recently?


The CO detectors have been hacked


Explain why I should check the CO detectors.



tldr


TL;DR: You might have Carbon Monoxide poisoning which is inducing memory loss and these “hacks” you are experiencing are merely you doing things to yourself that you don’t remember.


I was thinking more of the paranoia than the memory loss when I suggested CO detectors, but my own memory loss might be embellishing the original thread with things that weren't there


Yeah, memory loss and personality changes are both symptoms - so being paranoid fits there... it doesn't help the original person was writing themselves notes, forgetting they did it and then waking up wondering WTF is this??

I'm pretty sure I've managed to do something late night and wake up to it thinking the same (and as far as I know I dont have CO build up lol)


Theres no fire's here, just me smoking, but I've already tried giving up smoking a long time ago and my zyban was swapped for what seems like chalk pills. Not the only med thats been tampered with, my anti biotics were stolen from my bedroom, and the risperidone was swapped for something that left me incapacitated in bed for hours every morning, which was totally different to the experience when locked up in a mental health ward.

The antibiotics were stolen in the hour or so it took for me to walk my dog and the only person in the house during this time was Lorraine Botwright https://www.lakenheath.af.mil/News/Features/Display/Article/...

I should add, from a very young age I've been drugged by my own parents and made to do stuff naked with what can only be described as something like scopolamine.

But you know the govt doesnt teach you what parents can and cant do to you, just like the legal system doesnt teach law to anyone either!

Makes me wonder who are the real criminals?


How would I do the reverse? That is, turn smart speakers into regular speakers. I have a Sonos Move but it can't play audio from my desktop PC with no bluetooth. I could buy a bluetooth dongle, but honestly I find wired connections easier to manage than pairing bluetooth devices, especially when you need to switch paired devices. I was hoping this OtterCast would have both bluetooth and line-in so I could do this (connect the bluetooth to the Sonos and the line-in to a desktop or other device).


Presuming you're using linux you can use one of the ottercast devices as a pulseaudio network sinc. It should just show up in your list of audio devices, although I admit I've never actually used a network pulseaudio sinc. If you wanted fancier multi-room audio you could install snapcast on your computer.


Enjoyed your article on backups. I was intrigued by the idea of NAS as a solution to bit rot, but when I looked at NAS products, sticker shock dampened my interest. I've been using git-annex so I looked into how it deals with bit rot. It shares the same backup philosophy as git: lots of copies to keep stuff safe.

See https://git-annex.branchable.com/todo/Wishlist__58___Parity_...


The paper uses the term "technical debt" without defining it. From the context the term is used in its popular sense in which the primary source of debt is writing code poorly. Ward Cunningham, who coined the term, did not mean it in this way [1]. Wikipedia defines it as "the implied cost of additional rework caused by choosing an easy (limited) solution now instead of using a better approach that would take longer" [2] which is more aligned with Ward's intention. The problem with the current understanding of the technical debt metaphor is that it justifies poor code quality. Apparently it's like taking out a loan to make a sound investment.

1. https://youtu.be/pqeJFYwnkjE?t=196

2. https://en.wikipedia.org/wiki/Technical_debt


> "the implied cost of additional rework caused by choosing an easy (limited) solution now instead of using a better approach that would take longer" [2] which is more aligned with Ward's intention.

Precisely. A useful way to think of technical debt is that it should be a tool that is intentionally used to navigate the tension between cost now vs. later, for some benefit (usually quicker delivery).

If code is poorly written inadvertently (e.g. lack of experience, poor programming skills, carelessness, etc.) that is a different kind of burden on those working in the codebase.


They define it in the second sentence as "trading code quality for time-to-market and new features". Section 2 defines code quality ("This section defines the metrics for code quality"), which is helpfully (/s) measured by the tool they sell.


Quite right. Thus they implicitly equate poor quality code with technical debt. This makes the metaphor unsuited to a proper aversion to poor quality code. If it's simply debt it can be paid off later with a small amount of interest. Such a conclusion is contrary to the one the paper is trying to put forth.


Assuming that they ran the experiment in earnest, doesn't that strongly indicate that whatever code quality metrics in their product target are a pretty good signal? (Until people target those metrics)


This problem is present in Premiere Pro too. The recommended solution is to convert the variable FPS video to constant FPS before using it as a source.


This reads like a positive framing of Jacque Ellul's critique of technique:

> The characteristics of the technical phenomenon are Autonomy, Unity, Universality, Totalization. Technique obeys a specific rationality. The characteristics of technical progress are self-augmentation, automization, absence of limits, casual progression, a tendency toward acceleration, disparity, and ambivalence. [1]

Supposing the harm Google does (e.g. ambivalence towards individuals harmed by algorithms) is a direct result of this totalizing impulse, maybe it's time to question some of the fundamental assumptions present within.

1. https://ellul.org/themes/ellul-and-technique/


One way to circumvent this is to use a strong passphrase to deterministically generate the PGP/SSH key [1] to unlock other passwords. The SSH key could grant access to a remote server with backups and the PGP key could decrypt passwords using pass [2]. Of course, the "master" passphrase must be kept safe or remembered.

1. https://github.com/skeeto/passphrase2pgp

2. https://www.passwordstore.org/


pass is great for availability, I think I have several friends even in other countries (if a VPS wouldn't be sufficient) that would lend me space with a shell account for a "pass git push".

Of course, the gpg key is an issue, just as well the password or the ssh key for those accounts. In addition to passphrase2pgp, you could also use paperkey and keep it storage and/or a bank safe. I, for one, store my GPG key on a Yubikey. Of course, I would have thought I'm storing it safely, but it's left in my laptop for a few days now, so chances are I would simply leave it there in an actual emergency. However, pass also supports (re)encrypting with multiple keys, and one more Yubikey can then be kept with friends/family, and it can also store backup SSH keys.

Having multiple copies of ssh and GPG keys and the passwordstore git repo, chances are great to be able to recover most of the online presence.

If a phone/tablet itself can be saved, it could also host another mirror of the GIT repo (for example with an app like Working Copy), accelerating recovery.

paperkey: https://www.jabberwocky.com/software/paperkey/


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: