hacksilon@infosec.exchange

@hacksilon@infosec.exchange
Posts


  • I’m looking to replace the 2GB Pi4 I’m running HAOS on.
    hacksilon@infosec.exchange

    @foxbasealpha just FYI: unless you combine it with an external SSD or other storage device, I would recommend skipping the Pi and going for a mini PC with SSD or HDD. Pis with SD cards have a nasty habit of frying the card due to the many write cycles Home Assistant uses. I have a Beelink PC with Proxmox that is running HA and some other stuff in individual VMs, and this also gives you some more breathing room in terms of CPU and RAM, depending on the specs you get.

    In terms of the comparison between Pis, I can’t offer any recommendation as I haven’t tried either.

    Uncategorized homeassistant musicassistant

  • 2020: the best thing you can do for security is have a bot automatically update your dependencies.
    hacksilon@infosec.exchange

    RE: https://fosstodon.org/@SocketSecurity/116321614885038368

    2020: the best thing you can do for security is have a bot automatically update your dependencies.
    2026: the best thing you can do for security is to tell your bot that updates dependencies to wait a day or three before updating them.

    Expect more of this over the coming months as compromised credentials from previous supply chain attacks are used to mount new ones.

    Uncategorized

  • OAuth account takeover doesn't need leaked tokens.
    hacksilon@infosec.exchange

    @rsgbengi Hey. Thanks for the writeup. I feel like there is either an error or a missing attack type in the redirect_uri section, when it comes to subdomain confusion. The trick I know is using the entire domain as a subdomain to your own domain, so to use legitimate.com.evil.com as the redirect_uri to attack a wildcard like legitimate.com* (without a slash before the wildcard).

    I'm not aware of any OAuth issues that would allow you to add an extra subdomain to a redirect URI - is that a thing as well? Keycloak does not expand wildcards that aren't the final character of the redirect URI, so *.legitimate.com would not be a working wildcard, but other implementations may differ.

    Uncategorized oauth bugbounty pentesting websecurity offsec
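
Added example, not part of the original post and not Keycloak's code: a simplified model of the trailing-wildcard `redirect_uri` check the post describes, next to a stricter matcher that compares the origin exactly and lets the wildcard widen only the path. Function names and the sample URIs are constructed for illustration; only the two host names come from the post.

```python
from urllib.parse import urlsplit

def naive_match(pattern, redirect_uri):
    """Weak form: a trailing '*' turns the pattern into a raw string prefix."""
    if pattern.endswith("*"):
        return redirect_uri.startswith(pattern[:-1])
    return redirect_uri == pattern

def strict_match(pattern, redirect_uri):
    """Hardened form: origin must match exactly; '*' only widens the path."""
    if not pattern.endswith("*"):
        return redirect_uri == pattern
    try:
        p, u = urlsplit(pattern[:-1]), urlsplit(redirect_uri)
        same_origin = (p.scheme, p.hostname, p.port) == (u.scheme, u.hostname, u.port)
    except ValueError:  # malformed port or host in either URL
        return False
    if not same_origin or not p.hostname:
        return False
    # Path must stay under the registered prefix, with no dot-dot segments.
    return u.path.startswith(p.path) and ".." not in u.path.split("/")

# Constructed samples: the wildcard with and without a slash before the '*'.
PATTERNS = ["https://legitimate.com*", "https://legitimate.com/*"]
URIS = ["https://legitimate.com/callback",
        "https://legitimate.com.evil.com/callback"]

def compare():
    """Return {(pattern, uri): (naive_result, strict_result)} for all pairs."""
    return {(p, u): (naive_match(p, u), strict_match(p, u))
            for p in PATTERNS for u in URIS}

if __name__ == "__main__":
    for (p, u), (naive, strict) in compare().items():
        print(f"{p:26} {u:42} naive={naive!s:5} strict={strict}")
```

When reviewing a client registration, the pattern to flag is a wildcard that directly follows the host name with no `/` in between.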

  • Me: „oh, I wonder if they got the cryptography right.
    hacksilon@infosec.exchange

    RE: https://fosstodon.org/@homeassistant/116295601825508570

    Me: „oh, I wonder if they got the cryptography right. Might take a look.“
    Blog: „…audited by @trailofbits...“
    Me: „alright, never mind, it’s going to be good, no need to check.“

    Uncategorized

  • Jury is still out on whether I can get used to the #ZSA #Voyager keyboard, but one thing is already clear: their software is great, and their customer support is absolutely fantastic.
    hacksilon@infosec.exchange

    Jury is still out on whether I can get used to the #ZSA #Voyager keyboard, but one thing is already clear: their software is great, and their customer support is absolutely fantastic.

    Uncategorized zsa voyager

  • Tempted to call the motion detector in my office „senpai“ because it frequently doesn’t notice me 😫
    hacksilon@infosec.exchange

    @woe2you I have an Everything Presence Lite (?). It usually works well but today it’s a bit flaky. May have too much clutter on my desk right now.

    Uncategorized homeassistant

  • Tempted to call the motion detector in my office „senpai“ because it frequently doesn’t notice me 😫
    hacksilon@infosec.exchange

    Tempted to call the motion detector in my office „senpai“ because it frequently doesn’t notice me 😫

    #HomeAssistant

    Uncategorized homeassistant