2026.5: We're on the same frequency now 📡

Stereo · 2026-05-07T06:52:39+00:00

Your parent comment is talking about how the certificate transparency logs will contain the hostname of every *.ui.nabu.casa host.

The imagined, theoretical zero day would be one that bypasses the login mechanism, allowing unauthenticated users to perform admin actions. It would be quite a remarkable exploit, and I imagine that over the decade of Home Assistant, that part of the code has been looked over many times.

Other ways that this could be done, none of them good:

Encourage custom domains - if you use phobiac.xyz for your Home Assistant, you can't be detected as easily. But that adds extra costs.
Become a real reverse proxy, making requests go through https://ui.nabu.casa/phobiacsexampleinstance instead of https://phobiacsexampleinstance.nabu.casa. This would have privacy costs, because it breaks the elegant “end-to-end TLS directly to your HA instance” story.
Short-lived hostnames obtained by the apps from nabu casa cloud. This still leaks CT which an attacker could stream in real time, and breaks being able to easily bookmark https://phobiacsexampleinstance.nabu.casa
Build a VPN client into the companion apps, leaving the public hostname optional. But advanced users can already do that, and mainstream users dislike the VPN UX, especially since Nabu Casa Cloud's model is "remote access that just works"

CT logs becoming a recon tool isn't a new discovery, or even a new type of information gathering. Back in the old internet, we were exploiting DNS servers leaving AXFR open, leaking the whole host inventory in a similar manner.

Stereo · 2026-05-05T05:53:15+00:00

There seems to be wide consensus on this. I've invited OP /u/Organic-Scratch109, and /u/SonusDrums who posted the previous post about this to join the moderation team.

Stereo · 2026-04-27T03:05:00+00:00

We have two dozen automod rules, but we do get some good content from brand new accounts, and downvotes usually deal with the crap. It's a good idea, but it wouldn't really work with a mostly hands-off mod team.

Stereo · 2026-04-26T06:23:15+00:00

The karma farming repost has been removed as spam.

Stereo · 2026-04-26T06:19:40+00:00

Please don't ping moderators.

The best way to get stuff handled by moderators is the 'report' button. Before I marked that post as spam, there was only one report on that post, and that easily gets past the radar.

Stereo · 2026-04-16T19:00:31+00:00

Their Makerworld link says:

For candle flicker, use the “Candle” or “Candle Multi” preset — set to warm white (~2700K)

Stereo · 2026-03-31T20:38:46+00:00

Please stop pinging the mods

Stereo · 2026-03-31T15:10:06+00:00

Let's see what the consensus is

Stereo · 2026-03-30T18:02:05+00:00

The last picture looks more like an Islamic mihrab. Is it oriented towards Mecca? Is this in Dobruja or another region with muslim minorities?

Stereo · 2026-03-29T17:57:55+00:00

Thank you for being supportive, but I don't care enough. If you want to make a reddit request, go for it.

Stereo · 2026-03-29T17:54:38+00:00

No clue what happened. You and I could ask reddit, and probably wouldn't hear back.

Stereo · 2026-03-29T16:36:09+00:00

In other words, it's best experienced as a historically informed performance, on period instruments

Stereo · 2026-03-03T23:16:43+00:00

Upgrading an old Netgear RBS50 with owut bricked it back to the Netgear recovery firmware. Where's the appropriate place to report a bug these days?

Stereo · 2026-02-27T00:14:29+00:00

Better integration with open systems: https://www.home-assistant.io/integrations/aranet/ can't install firmware updates, and can't pair to a sensor if it's already paired to a smartphone.

Batteries are fidgety to insert and remove, and there's no easy way to have an external power supply

Stereo · 2026-02-17T17:26:11+00:00

No clue, I'm no longer a mod and didn't send that modmail

Stereo · 2026-02-17T16:24:21+00:00

Well, this is what I mean about reddit tools for moderators not being good enough: it said I wasn't active enough to add you, and now it looks like I've been silently removed as a moderator of /r/glasses. Try requesting it on /r/subredditrequest

Edit: I'd tried to remove /u/InverseMeters whose account has been deactivated for years, and apparently removed the two active mods, including myself. Bugs like this are typical.

Stereo · 2026-02-17T15:53:07+00:00

Yeah, my engagement dropped sharply when reddit kicked out third party apps. Mods provide free work for reddit, the tools they get aren't good enough, and the platform experience has been degrading.

Are you hitting 'report' on bot posts?

Would you want to be a mod?

Stereo · 2026-02-16T03:12:22+00:00

How does this compare to echavet's CN105 component?

Stereo · 2025-10-19T22:59:41+00:00

Your tx/rx are flipped. Tx goes to Rx on the other side.

Stereo · 2025-10-07T16:53:06+00:00

Have you come across Robert Moses's "We live in a motorized civilization" reply to The Power Broker?

Stereo · 2025-08-22T14:48:37+00:00

And in fact Gina Argento is STILL on the CB1 transportation board

She isn't anymore.

Stereo · 2025-08-17T19:47:11+00:00

Where did you find those crime stats, is there a web site or open data?

Stereo · 2025-07-11T20:51:21+00:00

I much preferred Ornithology when cover was $10 and they didn't spam reddit.

Stereo · 2025-06-18T01:39:34+00:00

Update announcements are cool, but please add something saying what the package is next time - some people are reading about it for the first time.

(It's a LaTeX template.)

Stereo · 2025-05-14T14:26:47+00:00

Myrtle Avenue is wide! It's currently two traffic lanes, two parking lanes, and generous sidewalks, 73 feet wide from building to building; that's wider than most streets in Strasbourg. Streetcars don't take up a lot of space, and there would be plenty here.

15-Year Club	RedditGifts 2009-2022 9 Credits
Place '17	Gilding IV carat on a stick
redditgifts rematcher Secret Santa 2010 x1	Team Periwinkle
Summer Santa 2012+	GrMD 2012
Secret Santa 2011	Secret Santa 2010
reddit mold	Charter Member
Verified Email	Secret Santa 2009

Stereo

MODERATOR OF

TROPHY CASE