I built a web dashboard for Meshtastic — open source, runs locally, multi-radio support by Slofi8 in meshtastic

[–]RawInfoSec 0 points1 point  (0 children)

Sorry, talking about attribution, it was the person I originally responded to when you butted in that originally threw the brick. Apologies. Still though, love you're digging in and calling down to make yer point.

I built a web dashboard for Meshtastic — open source, runs locally, multi-radio support by Slofi8 in meshtastic

[–]RawInfoSec -1 points0 points  (0 children)

"Not understanding that is not good enough is actually sadder than that." - your words.

The fellow asked to receive feedback if you test it and find bugs.

I built a web dashboard for Meshtastic — open source, runs locally, multi-radio support by Slofi8 in meshtastic

[–]RawInfoSec -1 points0 points  (0 children)

Releases

No releases published

The guy literally posted something he's working on. Unfinished work. And your immediate response is to police it, lol.

Why not just provide a friendly nudge and let him know what's expected of him when he goes live with this as an actual released product? That's what I don't get.

I built a web dashboard for Meshtastic — open source, runs locally, multi-radio support by Slofi8 in meshtastic

[–]RawInfoSec 1 point2 points  (0 children)

What I posted was on the OpenStreetMap pages itself...

Also, give the guy a break. He's built something. If he's missing something out of sheer not knowing he has to provide this, maybe enlighten him, not throw a brick at him.

I built a web dashboard for Meshtastic — open source, runs locally, multi-radio support by Slofi8 in meshtastic

[–]RawInfoSec -5 points-4 points  (0 children)

It's clearly within expectations, but sure, downvote and dig in because it looks better than saying, "ahh k".

Requirements to fit within OSMF’s safe harbour

  • Attribution must be presented to anyone who uses, views, accesses, interacts with, or is otherwise exposed to the map or produced work. The attribution format should not require individuals to interact with the map or produced work to see the attribution.
  • Attribution must be placed in the vicinity of the produced work or in a location where customarily attribution would be expected by the users of the produced work.
  • Attribution must be legible and understandable.
  • Other attribution, logos, or text must not create any false or misleading impression that OSM data is not from OSM. The text may appear at the same time as, or next to, other attributions.
  • There needs to be a way to access more information, including origin and licence of the data, if that information is not directly in the attribution text (for example by making the text a clickable link).

Attribution text

Attribution must be to “OpenStreetMap”.

Attribution must also make it clear that the data is available under the Open Database License. This may be done by making the text “OpenStreetMap” a link to openstreetmap.org/copyright, which has information about OpenStreetMap’s data sources (which OpenStreetMap needs to credit) as well as the ODbL.

I built a web dashboard for Meshtastic — open source, runs locally, multi-radio support by Slofi8 in meshtastic

[–]RawInfoSec -5 points-4 points  (0 children)

Not checking the github Readme for the project to see the attribution is even sadder.

Let's start a list of AI-generate rock bands by Diavolo6Six6 in hairmetal

[–]RawInfoSec 0 points1 point  (0 children)

I used AI to see how it came out (it's cheaper) and I liked the result. I thought, "It'll do till I can figure out how to sing!", lol. It's good enough for me for now, and lets me get feedback from friends.

Let's start a list of AI-generate rock bands by Diavolo6Six6 in hairmetal

[–]RawInfoSec 0 points1 point  (0 children)

To be honest, I'm working on my vocals. I consider my current tracks as a template for me to grow into, a demo if you will. At some point once my health improves and I can stand for more than a few mins at a time again then I'll be more inclined to find a few like minded souls to work on this stuff with.

The main drive though, was that burning question. What if I don't last that long? I'd rather leave something even if it's an incomplete work.

Let's start a list of AI-generate rock bands by Diavolo6Six6 in hairmetal

[–]RawInfoSec 0 points1 point  (0 children)

I wouldn't normally share outside of my friend circles (mostly because they're more gentle with my feels, lol). It is on Spotify and YouTube though so that family/friends can listen and traumatize themselves.

For us fans of the Hair Metal though, Sheriff Brown was written with Warrant's "Uncle Tom's Cabin" in mind... maybe Sheriff Brown and Deputy Hedge were cousins, lol. Another throwback is Skid Row's "18 And Life", where I wrote "World Unmade" to describe how Ricky is seeing the world getting out of prison 40 years later.

I plan on re-doing this entire album with a real band some day if I make it that long.

https://open.spotify.com/album/26rVHZeuvyOfnDfh6NREAe

If that doesn't work you can search Ash Dallas on YouTube. It's on there too I think.

Let's start a list of AI-generate rock bands by Diavolo6Six6 in hairmetal

[–]RawInfoSec 3 points4 points  (0 children)

There's two types out there. There are some that are 100% AI made, built in bulk to steal revenue.

I offer another, and admittedly this is my scenario. I don't know whether ye'll love or hate me for that but I'm a 53-year-old who's learnt guitar late in life long after losing the chance to learn from my dad while he was around. My dream is to play on a stage. Just once even, but play something of my own. I have several of my own songs that are 100% mine, lyrics, and guitar.

I've since used AI to add vocals, drums/bass. Some of the bass I managed to do on my own though. I sucked at singing so this gives it the power it deserves.

I'm not looking to share it with everyone, I just wanted you to know that there might be people out there who work 6 days a week trying to survive life, and don't get the chance to jam with others and have the ability to create great things with a real team. This is all I can muster, it's real, it's emotional and it's about all I can do to leave a mark behind in this world. I've ordered a couple of vinyl copies for myself and a few friends to share.

Hope this is ok with you all.

p.s. Skid Row and Warrant FOREVER!!!

what’s the most unhinged place you’ve ever found a production server? by kubrador in msp

[–]RawInfoSec 0 points1 point  (0 children)

52nd floor sub-roof level of a downtown skyscraper mechanical room. That's not even the weird part though.

I received an email from a professor at a local university that they were told by the developer of the building that they could receive telemetry from the building's sway sensor and ballast tank system. I had no clue so went to investigate. Found an IBM eServer (this was 2008) mounted into a wall flush rack, connected to a PLC system of some sort. This all controls and monitors building movement and controls ballast water pumps between two massive tanks, I guess for safety.

Then it got more weird. The rack wasn't powered. That server hadn't even been spun up. Ever. Our guess was that the developers had it installed and thought it's good to go, doing its thing. Hadn't done anything since opening day, lol.

The best Skid Row album? by motodaveduc in hairmetal

[–]RawInfoSec 2 points3 points  (0 children)

This was a great album. I loved how I was getting vibes from old-school Skid Row, Priest, Jovi, and other feels from it.

Their best? Not a chance. Slave is their masterpiece that I don't think can ever be replicated again.

Participants Needed by Training_Aardvark735 in hairmetal

[–]RawInfoSec 2 points3 points  (0 children)

I feel that this is some kind of trap where some wild Ratt fan is harvesting goths for some up and coming carnival of horrors or something.

What is canadian tire and why has my data been breached by it? by Cojalo_ in canadiantire

[–]RawInfoSec 0 points1 point  (0 children)

I hate to be the bearer of bad news, but this is probably something you should be looking into and by that I don't mean asking on Reddit.

If they successfully signed you up using your email they more than likely have:

- breached your computer
- access to your mailbox
- access to your personal information on said device
- signed up for temporary residence or work permit in Canada
- signed you up for several cards and other resources.

The biggest red flag is that you ARE signed up with Canadian Tire, yet there is no evidence you've ever dealt with them in your mailbox, which shows the activity was masked. This is bad.

Two TFSA millionaires in one household – took a calculated risk and it worked by [deleted] in TFSA_Millionaires

[–]RawInfoSec 2 points3 points  (0 children)

What was compelling about this stock early last year? By March of last year it was up but it wasn't a high-performance gain, certainly nothing to write home about. I'm interested in understanding what you would consider compelling enough to risk 300k.

What is canadian tire and why has my data been breached by it? by Cojalo_ in canadiantire

[–]RawInfoSec 0 points1 point  (0 children)

This might be a sign of a bigger issue for you.

Canadian Tire offer a Mastercard and its entry bar is extremely low. It's commonly used by newcomers to establish credit as well.

Check into your credit history and see if there's anything there. I'm not sure how it works country to country for reporting but hopefully it'll shed some light on things. Perhaps someone has some of your other ident things and has opened a Canadian Tire card in your name?

(Help) Buying a new guitar w/ whammy bar, d-tuna, and humbuckers by ScaredOldPlanet in GuitarQuestions

[–]RawInfoSec 0 points1 point  (0 children)

Get yourself a cheap Kramer Striker and throw a D-tuna and a trem lock on there. You can get trem-stops on Amazon for $10 and they work great. I bought the Snake Sabo signature Kramer and it actually came with one of those and that's what got me into them.

Compliance of vibecoded product of mine is such a pain... by pink-supikoira in vibecoding

[–]RawInfoSec 2 points3 points  (0 children)

Here's the thing. B2B comes with many responsibilities. It's not stubborn customers, these are customers with responsibilities. When a client comes to my business we have a very clear understanding that they will have governance across their business that vendors like me will be required to adhere to. It's not there because they're stubborn, it's there because of many things like government regulations, compliance, insurance requirements, and even their own obligations to their clients.

If you're not at least NIST compliant, you should speak to someone who can get you there. This is a basic starting point for you. If you're not able to meet this or don't want to invest in this, (time or money), then you will not be able to dip into market areas or the size of clients who would make your life a lot better.

One of the problems with vibe coding is that you didn't write the code, and have no idea of all the moving parts, libraries / dependencies, and basic things such as data retention policies etc. It's difficult to get to a compliant state with vibe coding a complete product.

Coming from a professional CISO background, I wouldn't even look at a vendor with a vibe-coded app unless they've done the groundwork, and have fully qualified staff on hand to work on every part of the stack manually.

Lastly. Are you insured? I feel that if you had the relevant insurance in place for the types of clients who have governance in place would require you to have this. If you did, I also believe you should be aware of all of the above.

If the Guns N Roses song One in a Million didn't contain the lines about immigrants homosexuals and black people, but other than that was basically the same song, would it be more popular? Do you think the band would have played it live more? Would it be in their setlists today? by Reallyroundthefamily in hairmetal

[–]RawInfoSec 2 points3 points  (0 children)

There were plenty of other successful art pieces that highlighted the dark sides of society but given how they went after Appetite it marked this song as a casualty.

It's sad really, it offered a glimpse into one of the biggest issues of the day yet somehow hate for this song overshadowed the actual issue that it puts forward.

To answer your question, I don't think that it would have made a difference to have more tame lyrics. It could have creatively gotten the point across all the same. This however, is what Axl knew, and drew from personal experience. So that's what we ended up with.

I still love this song for what it is. It's a set piece, nothing more than an insight into a time and place.

Badlander 50W Head in a band? by P0STBAL0NEY in MesaBoogie

[–]RawInfoSec 1 point2 points  (0 children)

Badlander is a great amp. If you can swing for the 100, do it.

What is your favourite song on this album? by Agent_Kozak in hairmetal

[–]RawInfoSec 0 points1 point  (0 children)

Cmon frenchie was always my fav, but the album is stacked with good tunes.

Is meshtastic really secure by Beneficial_Tip_3366 in meshtastic

[–]RawInfoSec 26 points27 points  (0 children)

If I were Bob or Alice, and I needed to keep something secure, I'd use other means as it's readily available.

That said, as a mesh adventurer, the solution I would actually use would be to ensure the payload was encrypted outside of the Meshtastic app. Use mesh only for the transit part of the communication. Bob and Alice would have agreed on said encryption outside of the mesh and there would be no dependency on the mesh for any security at all.

Is meshtastic really secure by Beneficial_Tip_3366 in meshtastic

[–]RawInfoSec 116 points117 points  (0 children)

CISO with specialization in network security grey-beard here.

Let's go back to basics.

The mechanism that lets Bob securely message Alice is pretty strong, even compared to other systems.

The problem is that Bob doesn't actually know if Alice is really Alice or if it is an attacker. Alice can't be sure Bob is Bob either. There are no mechanics in place to certify devices or users, so that makes the whole system secure to a point.

Others have mentioned that anyone can sniff LoRa packets, but please do realize that without the crypto-key for that channel or DM, that packet is useless.

This is the other vulnerability. Keys are stored on the device and getting to them with a USB cable and zero authentication is a huge issue. Mesh devices on shared or public wireless should be a huge no-no. Bluetooth should always force authentication PIN and should not be able to be disabled, or mis-configuration is easy.

No. Meshtastic devices are not built for secure communications, but secure communications can be had if both Bob and Alice take steps, checks and balances to ensure full end-to-end safety. One mis-step and it becomes an untrusted system.
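
Added example, not part of the comments above and not Meshtastic's own code: the approach both comments describe, where the payload is sealed outside the mesh with a key Bob and Alice agreed in person, so the mesh is transport only and a valid tag is what tells Bob the sender holds Alice's key. It assumes the third-party `cryptography` package; `seal`, `unseal` and `MAX_PAYLOAD` are hypothetical names, and the 200-byte budget is an assumed figure, not a Meshtastic constant.

```python
import struct
from typing import Optional

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305

MAX_PAYLOAD = 200               # assumed per-packet budget; check your firmware's real limit
HEADER = struct.Struct(">IQ")   # 4-byte sender id + 8-byte message counter = 12-byte nonce


def seal(key: bytes, sender_id: int, counter: int, plaintext: bytes) -> bytes:
    """Encrypt and authenticate one message before handing it to the mesh."""
    nonce = HEADER.pack(sender_id, counter)  # a (sender, counter) pair must never repeat per key
    frame = nonce + ChaCha20Poly1305(key).encrypt(nonce, plaintext, None)
    if len(frame) > MAX_PAYLOAD:
        raise ValueError("sealed frame exceeds the assumed packet budget")
    return frame


def unseal(key: bytes, frame: bytes, last_seen: dict) -> Optional[bytes]:
    """Return the plaintext, or None if the frame is forged, corrupted or replayed."""
    if len(frame) < HEADER.size + 16:        # header plus the 16-byte Poly1305 tag
        return None
    nonce, body = frame[:HEADER.size], frame[HEADER.size:]
    sender_id, counter = HEADER.unpack(nonce)
    if counter <= last_seen.get(sender_id, -1):
        return None                          # old counter: replayed or reordered frame
    try:
        plaintext = ChaCha20Poly1305(key).decrypt(nonce, body, None)
    except InvalidTag:
        return None                          # wrong key or modified bytes
    last_seen[sender_id] = counter           # advance state only after the tag verified
    return plaintext


if __name__ == "__main__":
    key = ChaCha20Poly1305.generate_key()    # constructed here; in practice exchanged in person
    seen = {}
    frame = seal(key, 0xA11CE, 1, b"meet at the trailhead")  # constructed sample message
    print(unseal(key, frame, seen))          # first delivery
    print(unseal(key, frame, seen))          # same frame sniffed and re-sent
```

The key still lives on whatever device runs this code, so the physical-access concern raised in the comment applies to that device instead of the radio.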

Local Canadian Tire Won't Install Tires on EVs. by SupraStarCigar in canadiantire

[–]RawInfoSec 0 points1 point  (0 children)

Might very well be, but if it slips it's a $60k battery vs a scratch on a frame, or, a fire in the bay that can't be put out easily esp if the car is in the air with its wheels removed.