15.0 adds support for OIDC tokens being handed to Actions workflows compatible with GitHub Actions. I was excited to upgrade because I wanted to continue doing cosign Docker image signing, but then I found out that the Cosign transparency log doesn’t support Forgejo. Looks like I need an alternative.

My next biggest problem is the Actions workflow itself. I setup Docker in Docker, but turns out there’s a bit of work in preparing the runners to be on par with what I used on GitHub.

Otherwise, I’ve found Forgejo to be quite good and almost all my private repos are moved over.

Home Assistant and local, cloud-free protocols and devices are great

Google Fiber unfortunately got sold to a private equity company and merged with Astound.

https://arstechnica.com/tech-policy/2026/03/google-fiber-will-be-sold-to-private-equity-firm-and-merge-with-cable-company/

What about throughput, latency, schema modeling, query load balancing/routing, confidentiality, regulatory compliance, operational tooling? How easily can I write a CRUD or line of business service using it?

Are you trying to make an offline website? If so, you could look into using a Service Worker which would give you full control over when the content gets refreshed.

Windows has something called the ShutdownBlockReasonCreate API which enables apps with long running operations to prevent a shutdown to avoid corruption or losing work.

Is there an equivalent for Linux? When used appropriately, it makes shut downs even more graceful.

deleted by creator

I thought this was using SDKs embedded in apps and advertising platforms. This is a different threat model. You need to block ads and prefer using websites instead of apps which have more access to device info like the advertising ID.

If you’ve got an Android, go to Settings, search for ads, and find the advertising ID and delete the ID. It’s a stable identifier that can be used to identify your phone.

Switch to more private browsers like Firefox for Mobile and install uBlock Origin.

EDIT: I’m not saying this will protect you against IMSI catchers or tower based drag nets. In addition to not bringing your phone, when you do go home you need an entirely different set of tools to protect yourself.

Are those networks marked as hidden SSID networks? Hidden networks require the client STA to broadcast them to find them.

I use it to play music from Jellyfin to my Sonos speakers. It won’t fix a Jellyfin library that has bad data, but it can pull in music from multiple different sources and push to different players.

It works well enough. Some issues where songs get interrupted, but I think that’s issue with the Music Assistant/Sonos integration.

I developed my own scraping system using browser automation frameworks. I also developed a secure storage mechanism to keep my data protected.

Yeah there is some security, but ultimately if they expose it to me via a username and password, I can use that same information to scrape it. Its helpful that I know my own credentials and have access to all 2FA mechanisms and am not brute forcing lots of logins so it looks normal.

Some providers protect it their websites with bot detection systems which are hard to bypass, but I’ve closed accounts with places that made it too difficult to do the analysis I need to do.

I scrape my own bank and financial aggregator to have a self hosted financial tool. I scrape my health insurance to pull in data to track for my HSA. I scrape Strava to build my own health reports.

Can’t be a passive adapter or else that would mean DisplayPort and HDMI have to protocol compatible. If they were then we wouldn’t have this issue. Apparently I was wrong.

If the app is just a WebView wrapper around the application, then the challenge page would load and try to be evaluated.

If it’s a native Android/iOS app, then it probably wouldn’t work because the app would try to make HTTP API calls and get back something unexpected.

Putting the charger circuit inside the battery takes away battery capacity, so I still buy the external chargers

Unless you’re running VLANs, in which case the inter VLAN is normally handled by the router. I also expose my home lab services over BGP so all my traffic hits the router then comes back to my lab services.

Every WiFi router and network has something called an SSID and a BSSID. The SSID is the friendly name that you use to show off your puns to your neighbors. The BSSID is a 6 byte MAC address. All devices use the BSSID when connecting and communicating.

With a non hidden SSID, your router broadcasts the SSID and BSSID.

The BSSID doesn’t change even if you change your SSID (Though APs with support for multiple SSID create a different BSSID per network) and it’s what is actually used for geo location.

When it’s hidden, it doesn’t send the SSID out, but sends out packets with the BSSID. Clients then scream out to the void “anybody know the SSID ‘My Secret SSID??’” Then it’ll respond.

So basically hidden networks still send out the unique identifying address and then when you take your phone with you, you’re just telling everybody what your home WiFi is called.

Hidden SSIDs are not that useful.

https://forum.syncthing.net/t/discontinuing-syncthing-android/23002

According to this post, it was partly that and lack of maintainers. Given there’s maintainers for a fork, I’m curious why they didn’t bring them into the main project.

Reason is a combination of Google making Play publishing something between hard and impossible and no active maintenance. The app saw no significant development for a long time and without Play releases I do no longer see enough benefit and/or have enough motivation to keep up the ongoing maintenance an app requires even without doing much, if any, changes.

We’re sort of in this situation because the official project decided not to continue providing an official Android app, yet people want to use it on Android forcing unofficial versions to be created and maintained.

I get that they don’t want to deal with Google Play anymore, but somebody has to deal with it and them not owning the app is putting users at risk.

How would that work? The use case is for previews for pull requests. Somebody submits a change to the website. This creates a preview domain that reviewers and authors can see their proposed changes in a clean environment.

CloudFlare pages gives this behavior out of the box.