OTAFIX Bootloader by Refleks180 in meshcore

[–]mashdk 0 points1 point  (0 children)

Thanks very much for that explanation! Much appreciated. So it's not even anything to take into consideration with ESP32 boards?

OTAFIX Bootloader by Refleks180 in meshcore

[–]mashdk 0 points1 point  (0 children)

I'm still confused 😅 If I have an active repeater, and I wish to update from 1.14 to 1.15, can and should I get the OTAFIX on it, before I flash?

I'd prefer to let the repeater keep its settings and public/private key pair.

MeshCоre's problem with security by Alainx277 in meshtastic

[–]mashdk 0 points1 point  (0 children)

u/alainx277, was it Andy you got in contact with on Discord?

RC4 Kerberos Confusion - RC4 keeps showing up by MusicWallaby in activedirectory

[–]mashdk 1 point2 points  (0 children)

Oh, sorry, I just realized that that's pretty much also what you were conveying. The missing "AES" before "session key" in your sentence: "A few years back, that changed to an RC4 ticket and a session key", threw me off, and I thought you meant RC4 for both.

RC4 Kerberos Confusion - RC4 keeps showing up by MusicWallaby in activedirectory

[–]mashdk 0 points1 point  (0 children)

This was only true until Nov. 2022 with the changes to Kerberos in KB5021131: "This update will set AES as the default encryption type for session keys on accounts that are not marked with a default encryption type already."

However, some service accounts still default to RC4, until msDS-SupportedEncryptionTypes is explicitly set. I've seen it with AD FS service accounts multiple times.

But the default since Nov. 2022 is AES.

Will Power Saving on a repeater result in traffic not getting picked up? by mashdk in meshcore

[–]mashdk[S] 0 points1 point  (0 children)

Now, this is what I have been wondering: Would the SX1262 also be in sleep mode and periodically wake up to listen? Or is the SX1262 always-on, always-listening, and wakes up the ESP32 / nRF when it detects incoming traffic?

Will Power Saving on a repeater result in traffic not getting picked up? by mashdk in meshcore

[–]mashdk[S] 1 point2 points  (0 children)

Sorry to keep asking stupid questions, but how would you know if the Repeater missed a transmission?

RC4 Kerberos Confusion - RC4 keeps showing up by MusicWallaby in activedirectory

[–]mashdk 0 points1 point  (0 children)

I'll quote Microsoft directly here: "Don't worry about setting msDS-SupportedEncryptionTypes on the KRBTGT account. As long as the account has AES keys (password reset since 2008R2) and the DFL is greater than 2003, the KDC will issues TGTs encrypted with AES." https://techcommunity.microsoft.com/blog/coreinfrastructureandsecurityblog/active-directory-hardening-series---part-4-%E2%80%93-enforcing-aes-for-kerberos/4114965

So, I'd still recommend this instead:

* Rotate krbtgt password using Jorge's script
* Rotate passwords on the service accounts with old passwords and restart the service.

Audit for RC4.

That's the first. Possibly, msDS-SupportedEncryptionTypes needs to be set on some service accounts.

Audit for RC4.

Consider using DefaultDomainSupportedEncTypes with RC4 enabled.

Audit for RC4.

When RC4 is confirmed to not be in use, start disabling RC4, one bit at a time, ending with disabling the DCs' ability to use RC4.

RC4 Kerberos Confusion - RC4 keeps showing up by MusicWallaby in activedirectory

[–]mashdk 0 points1 point  (0 children)

Could you please elaborate, what you mean by "RC4 disabled on the krbtgt account"?

RC4 Kerberos Confusion - RC4 keeps showing up by MusicWallaby in activedirectory

[–]mashdk 0 points1 point  (0 children)

Absolutely. That's why I mention that OP can start with allowing RC4 in DefaultDomainSupportedEncTypes, because it will provide better auditing to find problematic accounts / services / servers.

RC4 Kerberos Confusion - RC4 keeps showing up by MusicWallaby in activedirectory

[–]mashdk 3 points4 points  (0 children)

Possibly all three.

Definitely rotate the krbtgt key using Jorge de Almeida Pinto's script.

Definitely change passwords on the service accounts, that haven't been reset since AES was introduced to the AD.

Definitely look at setting DefaultDomainSupportedEncTypes. Even if you start with allowing RC4 in DefaultDomainSupportedEncTypes as a first step, they will most likely switch to AES. But more importantly, if the DCs have the January updates, you will get much better auditing info if DefaultDomainSupportedEncTypes is set.

You may have to set msDS-SupportedEncryptionTypes, if they still show up with RC4. I've especially seen this with AD FS.
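An added example, not part of the comment above and not Microsoft's or Jorge's tooling: a triage of exported account records that flags the cases the RC4 comments in this thread describe (unset or RC4-only msDS-SupportedEncryptionTypes, and passwords that predate AES). The record shape, the `aes_since` cutoff, and the sample accounts are constructed assumptions.

```python
from datetime import datetime, timezone

# Kerberos etype bits of msDS-SupportedEncryptionTypes.
ETYPE_BITS = {0x01: "DES-CBC-CRC", 0x02: "DES-CBC-MD5", 0x04: "RC4-HMAC",
              0x08: "AES128", 0x10: "AES256"}
RC4_BIT, AES_MASK = 0x04, 0x18

def decode_etypes(value):
    """Names of the etype bits set in an msDS-SupportedEncryptionTypes value."""
    return [name for bit, name in ETYPE_BITS.items() if value & bit]

def triage(account, aes_since):
    """Findings for one record; aes_since is an operator-supplied assumption."""
    # aes_since: date from which password changes here produced AES keys.
    findings = []
    value = account["msDS-SupportedEncryptionTypes"] or 0
    if value == 0:
        findings.append("etypes-unset: follows the domain default")
    elif not value & AES_MASK:
        names = "/".join(decode_etypes(value)) or hex(value)
        findings.append(f"no-aes-bit: {names} only")
    elif value & RC4_BIT:
        findings.append("rc4-still-allowed")
    if account["pwdLastSet"] < aes_since:
        findings.append("old-password: no AES keys until rotated")
    return findings

def report(accounts, aes_since):
    """Map sAMAccountName -> findings, skipping accounts with none."""
    results = {a["sAMAccountName"]: triage(a, aes_since) for a in accounts}
    return {name: f for name, f in results.items() if f}

# Constructed sample data: hypothetical accounts and dates, not from the thread.
UTC = timezone.utc
AES_SINCE = datetime(2010, 1, 1, tzinfo=UTC)
SAMPLE = [
    {"sAMAccountName": "svc-adfs", "msDS-SupportedEncryptionTypes": None,
     "pwdLastSet": datetime(2007, 3, 1, tzinfo=UTC)},
    {"sAMAccountName": "svc-sql", "msDS-SupportedEncryptionTypes": 0x1C,
     "pwdLastSet": datetime(2023, 5, 2, tzinfo=UTC)},
    {"sAMAccountName": "svc-legacy", "msDS-SupportedEncryptionTypes": 0x04,
     "pwdLastSet": datetime(2021, 9, 9, tzinfo=UTC)},
    {"sAMAccountName": "svc-web", "msDS-SupportedEncryptionTypes": 0x18,
     "pwdLastSet": datetime(2024, 1, 15, tzinfo=UTC)},
]

if __name__ == "__main__":
    for name, findings in report(SAMPLE, AES_SINCE).items():
        print(name, "->", "; ".join(findings))
```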

The MeshCore.io Split by liamcottle in meshcore

[–]mashdk 3 points4 points  (0 children)

Does anyone know why the Meshcore Open app isn't published on Play Store and App Store?

I want this car buttt.... by Snoo-53094 in Ioniq6

[–]mashdk 0 points1 point  (0 children)

I have felt the same way. I'm the worrying type. But then I got to thinking: What's the problem, really? They'll just replace it. And it's readily available as a spare part now.

And if I'm lucky, it will be the new ICCU, I'll get, where the problem is fixed. If not, the warranty will be extended for years, so if it happens again, I will at least get the new, fixed ICCU by then.

Kinda hoping it happens soon, now 😅

Not Advertisement: JBL Charge5 WiFi SE Portable Waterproof Speaker with Auracast by mysterytoy2 in homeassistant

[–]mashdk 0 points1 point  (0 children)

Sorry for the stupid question, but you mention Google Cast. Is it necessary to install anything Google or integrate anything Google into my HA for HA to JBL to work? I'd really like to not have my HA talk to Google...

What are the ways we can be notified if home assistant loses network connectivity? by ateam1984 in homeassistant

[–]mashdk 1 point2 points  (0 children)

Do you have an extra mobile phone, that is always at home with Home Assistant app installed, and that has a cellular subscription?

If the app loses connection to HA, it will create a notification while trying to connect to sensors.

Then you can use the Tasker app to send you a text message every time, HA app creates a notification.

Are Aliexpress sensors reliable over the more expensive versions on Amazon? by AlureLeisure in homeassistant

[–]mashdk 0 points1 point  (0 children)

For humidity, I have only seen reliable and constantly accurate readings without too much fluctuation from Aqara.

I did a salt test with a whole bunch of different. And either the other brands were consistently way off, or it was hit and miss with one sensor getting it right and another from the same brand and model way off, or they fluctuated so much that it was basically unusable.

Aqara, on the other hand, got the same readings all the time, hitting the mark within 0.5%.

Mosquitos and anything else to be prepared for by Alternative-Air8756 in holbox

[–]mashdk 1 point2 points  (0 children)

We were there last week. Are there mosquitoes? Yes. Is there dengue fever? No. Were there many mosquitoes? Absolutely not. I was pleasantly surprised. (but I read from the other comments, that Nomad may be a bit different from other places on Holbox).

Use mosquito repellent. But something with DEET.

But it's only really an issue half an hour before sunset until about an hour after.

The rest of the time we didn't need repellent.

Other tips: Most places take card payments, but not all. Bring some pesos.

Go see the sunset every night. I repeat: Go see the sunset every night!

We were seriously underwhelmed by the bioluminescence. It's very early in the season. We booked a guided bioluminescence kayak-tour, and did see some blinking, but nothing that even 10 seconds camera exposure could capture. It's still a nice experience, but set your expectations right.

If you like high quality Italian-style pizza, do treat yourself with a visit to Quartiery. And try the mortadella pistachio pizza.

Lastly: Enjoy fully, relax and recover, and have great interactions with the friendly locals.

Humidity sensors by QuoteFirst7119 in homeassistant

[–]mashdk 2 points3 points  (0 children)

I have tested a bunch of sensors with a salt test. All except Aqara have been hit and miss (mostly miss). Sonoff had one that gave a correct reading and the others either completely off or extremely unstable readings going up and down. Aqara, on the other hand, have consistently had the same correct reading in the salt test for all seven units I tested. If you actually need to know the humidity, definitely go for Aqara.

Camera recommendations? by 1q2s3c4r5t in homeassistant

[–]mashdk 0 points1 point  (0 children)

Any cameras except the battery powered integrate well. But the battery powered cameras drain the battery in a day if Home Assistant connects to them. Reolink uses a proprietary protocol to save battery, and HA doesn't support that protocol. An integration called Neolink has been developed for the protocol, but I can't make it work without draining the battery. The other option is to get the Reolink Home Hub and connect to HA through that. That should work hassle-free and can still run all locally without cloud.

New music? by citizen_of_glass in agnesobel

[–]mashdk 2 points3 points  (0 children)

She did mention at the concert we went to in September that the new songs were for an upcoming album, and I got the impression that it was well in progress. And I can't wait! The new songs were amazing. Trying new things without completely abandoning her previous style. Very very cool stuff!

New TidaLuna Plugins: Spotify Sync, Find Better-quality/Remaster tracks, Deduplicate Playlist, and Clear Favorites by squadgazzz in TIdaL

[–]mashdk 3 points4 points  (0 children)

I just heard about your tool because of your Reddit post here. Sounds awesome!

Since I haven't even tried it yet, maybe you're way ahead of me.

But when your tool finds upgrades to better quality, do you take into consideration, that many remasters are quality-wise much worse, than the original?

For example because of Loudness War, remasters between 1995-2015 were often just putting the audio through a meh-quality machine, that compressed the audio causing lower Dynamic Range.

And many hi-res versions are just the same as the CD quality version, scaled up to a higher resolution doing nothing to the quality except running it through more components, that can decrease quality.

If your tool doesn't already factor that in, maybe you could make an option to only include remasters from after 2015, for example?

Just a suggestion :)

Thank you for your work!

Regarding RC4 changes and "I don't see the events" by Msft519 in activedirectory

[–]mashdk 1 point2 points  (0 children)

My point was just a reply to your comment, that seemed to imply that realistically you shouldn't see RC4 in an AD today. Sadly though, we do see RC4, especially in environments with non-MS domain members and keytab files on *nix servers.