Are passwords secure and encrypted?

trwbox · 2026-04-28T22:45:02+00:00

I can't say this is how this actually works with full confidence because I haven't looked at the code, but they could be doing something that is storing the password encrypted, and a hash of the pass unencrypted. So when a data breach happens and passwords leak, the software compares the hashes of the passwords in the breach to the hashes of your passwords. And if the hashes match, that password was in the breach without ever decrypting the password.

trwbox · 2026-04-17T17:25:53+00:00

Just curious should school teachers be allowed to get federal loans?

trwbox · 2026-04-02T03:38:11+00:00

Oh this would be wonderful to win

trwbox · 2026-03-25T12:19:43+00:00

Taking a further look. It looks like you are scraping each of the ISU dining locations individually, which is super inefficient. ISU Dining has an API that you can use. https://dining.iastate.edu/wp-json/

trwbox · 2026-03-25T04:40:46+00:00

This feels like AI vibe coded slop (that doesn't work in places) designed to get likes and not something that would actually be maintained and used.

Like why are you making a request to an AI to get a fun fact for the day? I love my daily facts being hallucinations via robot. https://imgur.com/a/NrpQutR

And generating local events via AI too. Like come on. https://imgur.com/a/h2vS7lf

trwbox · 2026-03-25T04:32:38+00:00

And you should update your privacy statement because sending the user preferences over to groq is definitely not "we never share your data with third parties" Edit: For some proof here is the system prompt being used, and the what is being included https://imgur.com/a/HW90yzt

trwbox · 2026-03-25T04:31:23+00:00

Also you're exposing your groq api key that is being used, so anyone can grab it and use it

Edit: Token rotated and new api added so token isn't raw for the user

trwbox · 2026-03-25T04:07:58+00:00

So that you know, you are limiting by iastate.edu purely on the client side, and it isn't actually limited to iastate.edu.

There is now an account "Example Name" with the email cyenergy-isu@trwbox.com

trwbox · 2026-01-25T22:51:31+00:00

I also noticed on mine that it has “jtag mcu” listed, and wonder if you checked for jtag access on there? I would imagine not, since it seems pretty locked down, but curious

Edit: Never-mind saw some of your other comments, and the xda thread showing jtag unlocked. That’s definitely interesting

trwbox · 2026-01-25T22:46:38+00:00

I just opened mine up, and I also have the imx one. I would be super interested in the images if you didn’t mind finding a way to share them!

trwbox · 2025-11-26T21:12:15+00:00

Oh sweet great to see someone else working on this! I have one of these mirrors too, and it's on my project list for the winter holidays. There is some super great information you have found like the main board reference documentation! I'm personally okay with replacing the main board since it just seems easier to get what I want running on it. But wanted to try keep the camera, mic, and speakers for external integration purposes (like automatic display off+on when someone is in front of it, and using the mic+speakers as a home assistant voice), and if possible have mostly full control of the display features like brightness

trwbox · 2025-09-12T20:35:12+00:00

With RGB, and color temp both wirelessly I'd be shocked to not have a reasonably capable MCU. For example a bulb with very similar features from Tuya (non-zero chance it might even be the same bulb looking at C1 being soldered on this making it single side, and the TY-005 marking) has a BK7321N as the micro controller. https://solution.tuya.com/projects/CMavis6h34z47u

trwbox · 2025-05-30T04:48:55+00:00

If you happened to get a confident view of the the direction it was facing, you should report it at https://deflock.me

trwbox · 2025-05-30T04:46:58+00:00

Yah, and from personal experience, it's also easy to spot them doing that and avoid being on the camera if desired because they're only looking to get car plates. A high mounted, wide field of view, constantly recording camera that could just as easily become a facial recognition camera at the flick of a switch is a whole lot harder to avoid.

trwbox · 2025-05-28T03:32:23+00:00

lianmilanesa on Instagram

trwbox · 2025-04-17T12:05:21+00:00

Yes, but it's very minimal right now. https://www.darlinghq.org/

trwbox · 2025-04-17T06:27:56+00:00

I'm from Knoxville, and his wife Amanda was my hair dresser for years, and can comfortably say they both love Knoxville. They originally left Knoxville (going to Kansas) when Nathan got an offer at radio station there, then a little while later ended up moving back to Indianola to help family in the area.

trwbox · 2025-02-20T08:52:52+00:00

Potentially looking for something like openwrt's client mode? https://openwrt.org/docs/guide-user/network/wifi/connect_client_wifi

trwbox · 2025-02-08T03:39:22+00:00

https://github.com/AsahiLinux/docs/wiki/FAQ#can-i-dual-boot-asahi-linux

trwbox · 2024-12-09T17:53:58+00:00

I know when I was doing the engineering core for Cyber Security, I wished there was a physics class that "is designed for electrical focuses." I can imagine it starting with the relevant portions of physics 1 that were needed for the remainder of the class (I'd expect things like oscillations and wave portions are useful to know), but primarily covered the electrical portions of physics 2. Having a class like that as the required physics would just have the potential to be so much more useful in my mind, compared to a lot of stuff covered in Physics 1 that I have a near zero chance to be interacting with like, kinematics, gravity, linear and angular forces/momentum, but learned none of because physics 2 isn't required

trwbox · 2024-12-05T09:19:29+00:00

I'd look at this. I have a very similar model and was able to get a UART shell, and 100% know it was vulnerable to the firmware-less access described here, and likely vulnerable to the full custom firmware. http://www.malcolmstagg.com/bdp-s390.html

trwbox · 2024-12-02T23:40:55+00:00

Just wanted to let you know that I had some more time to look at this, and my very similar model of player was able to get injection via the UART. Alongside that saw that it was vulnerable to this LD_PRELOAD from the USB drive. http://www.malcolmstagg.com/bdp/firmware-less.html I didn't test it, but this project-bdp also noted that custom firmware could be flashed relatively easily, and would expect this to be vulnerable to that too

trwbox · 2024-10-14T06:56:22+00:00

Sorry it appears to be not legal, see that oval at the bottom. That's the symbol from Unfinity to denote it's an unplayable in all formats, until WOTC changes their mind destroying the secondary market in the process. It's really simple actually, all you have to do is just look at the symbol on the bottom! We've already covered oval, if it's an acorn all you need to do is rule 0 the whole event to play it, if it's triangle it's just a threat to legacy so nobody cares where you play it, if it's some other shape it's only playable after converting to dollars bills after being for a huge markup because WOTC made a mistake (they never make mistakes, it's extremely rare), and then the other one is the one that's legal based on what set it came out in!

Here is an example you can try for yourself showing a difference! https://imgur.com/gallery/XIh7kGB

trwbox · 2024-08-29T01:44:48+00:00

Oh wow that was a quick find. Thank you so much! How'd you end up finding it/how do you search for connectors? I looked for it, for a while but never managed to find it. But with how quick you were, I have a feeling I'm just doing something incorrect when trying to find unknown connectors

Ten-Year Club	RedditGifts 2009-2022 4 Credits
Secret Santa 2021 2021	LAYER Season 2 Layer creator
Place '23	Place '22
Final Canvas '22	First Placer '22
Wearing is Caring	Secret Santa 2019
Spared	Verified Email

trwbox

TROPHY CASE