Posted on
by

On December 18, 2024, the Wall Street Journal reported that “U.S. authorities are investigating whether a Chinese company whose popular home-internet routers have been linked to cyberattacks poses a national-security risk and are considering banning the devices.” I learned a few interesting facts beyond the top-line story:

  • “The router-manufacturer TP-Link, established in China, has roughly 65% of the U.S. market for routers for homes and small businesses.” TP-Link’s home and small business marketshare for routers was only 20% in 2019. The Wall Street Journal attributes the jump to an increase in working from home beginning in 2020 and TP-Link’s low prices.
  • “The Justice Department is investigating whether the price discrepancies violate a federal law that prohibits attempts at monopolies by selling products for less than they cost to make…” (Note: For whatever it is worth, I do not think TP-Link is strikingly cheap compared to other “popular” consumer routers and access points, but I could be off.)
  • TP-Link devices are used by the Department of Defense, Drug Enforcement Agency, NASA, and other agencies.
  • “An analysis from Microsoft published in October found that a Chinese hacking entity maintains a large network of compromised network devices mostly comprising thousands of TP-Link routers.”
  • According to the Journal, people familiar with the TP-Link investigation have stated that the company does not engage with security researches complainted about security flaws in TP-Link products.
  • “TP-Link routers don’t appear to be related to China’s alleged breaches of at least eight U.S. telecom firms by a group dubbed Salt Typhoon…” Chinese hackers instead targeted out-of-date routers built by Cisco and Netgear.
  • Taiwan has banned government and educational facilities from using TP-Link routers. India issued a warning in 2024 that TP-Link routers present a security risk.

[Source: U.S. Weighs Ban on Chinese-Made Router in Millions of American Homes (Wall Street Journal). Original Link. Archived Link.]

I used a TP-Link router for several years before upgrading to a MikroTik hAP ac3 router. As of the writing of the instant post, I still use a TP-Link wireless access point (it is a pure AP, no router capabilities), but I am in the process of swapping it out for a Netgear router with OpenWrt, which I will use as an Access Point instead of a router.

Posted on
by

I noticed when reviewing my server logs that the comments feeds for individual posts were receiving hits. This is undesirable since the only “comments” we have are pingbacks and webmentions. I wanted to remove the comments feeds from the head. I found a solution in a 2018 Stack Overflow post combined with an addendum from another user. I added the following code to the child theme functions.php both here and on The New Leaf Journal:

add_filter('feed_links_show_comments_feed', function() {
return false;
});

[Solution Source: Users leoauri and Ivan Shatsky on Stack Overflow]

(PS: I am not a WordPress developer. Please do your own research and double check your work before messing with your functions.php, but it seems to be working here. If someone has a better solution, do tell.)

Posted on
by

Back in November 2023, I wrote a joke article about having the good foresight to review the first season of The Angel Next Door Spoils Me Rotten, which had aired in the winter 2023 season, before a second season was announced that fall. While my actual review of the show did surge in views with the announcement, it was eventually overtaken by the joke article (that was not by design) so much so that by the end of 2024, the joke article was my 3rd most-visited article of the year while my serious review was 16th. The joke article just completed its best-ever week in terms of page views (albeit not good enough to overcome my review of Kaori After Story for the number-one spot this past week), and it is showing no signs of slowing down. I wondered what gives. Perhaps it was the release of a teaser image pertaining for the upcoming second season (note: no release date yet).

Posted on
by

According to Roger Sherman, under college football rules, “[i]t’s legal to change a player’s uniform number mid-season—all that matters is the roster submitted to the officials on gameday.” This ensures that the opposing team has the opportunity to review the changes. If the change was not noted before the game, “it would have had to be reported to the official and announced” when the player in question takes the field. There are additional rules, such as those governing changing a player’s number to the number of a player at a different position. Conversely, the NFL avoids any issues by prohibiting in-season number changes. [Source: Roger Sherman (12/30/24)] In an earlier article, Mr. Sherman explained that a college football player change jersey numbers in the middle of a game in order to be eligible to catch a forward pass (players must be wearing a number outside of the 50-79 range to be eligible to catch passes). Here, the NFL has a more sensible approach, allowing the Coach to declare an otherwise ineligible receiver eligible before a play. [Source: Roger Sherman (9/27/24), text fragment link]

Things I learned aside, I highly recommend reading the first source article. Mr. Sherman tells a very fun story about selling a fake punt with subterfuge in an otherwise sleepy bowl game between Bowling Green and Arkansas.

Posted on
by

I came across Gautam krishna R’s blog-post-workflow repository on GitHub last night (being January 2, 2025). In short, it is a GitHub workflow for fetching RSS feeds and adding them to a GitHub profile README.md file. I created a profile repository (I had been meaning to for a while) and added three feeds: My ATOM feeds for this site and The New Leaf Journal and my Buttondown newsletter feed. Everything worked, but symbols in headlines for this feed and New Leaf Journal were being rendered oddly. I tried switching both WordPress feeds from ATOM to RSS. Now everything works perfectly. It is possible that I could have fixed the formatting using the available configuration options, but for this purpose (for mosy purposes, really), there is no difference between the WordPress RSS and ATOM feeds. You can see my GitHub profile with the feeds here.

Posted on
by

Project Owlnet is in the business of banding saw-whet owls to learn more about them. Kayla Randall of Smithsonian Magazine explained how they accomplish this:

The group uses an audio lure to entice the birds, capturing them in mist nets to bring back to the banding station. Once there, they place aluminum bands on the birds—’friendship bracelets for science,’ as they’re called within the project. Project participants also measure the owls’ bills, wings and tails.

While I did not know how one would catch and band a saw-whet owl despite having written All About the Saw-whet Owl back in 2021, that passage is not the thing I learned of the day. What caught my attention was how the researchers estimate how old individual Saw-whet owls are:

They use a blacklight to look at the underside of the owls’ wings and see their molt pattern, which helps determine their ages, a difficult task. Old feathers don’t glow as brightly under the light because the pigment has faded, while new feathers have a brighter glow, Boyle Acuti says.

I would not have guessed that they use blacklights to estimate the age of Saw-whet owls. [Source: Kaya Randall for Smithsonian Magazine]

Posted on
by

I present the following quote from Josh Blackman on taking podcasts out of context:

And this is yet another reason why I severely dislike podcasts. This was a 90 minute long discussion where Vance hit on lots of points. If you pluck out a few words here and there, and ignore the broader context, a lot will be missed. I transcribe podcasts, for good reason.

Josh Blackman

I am not a podcast-person, but I agree with the broad point in Mr. Blackman’s opinion. It is easier to take one line or another from a long podcast out of context than it is in a written piece. Transcribing podcasts sounds like a good approach. [Link: Josh Blackman]

Posted on
by
Commercial Gaming Revenue Growth Continues in Q3 2024, Driving Industry’s 15th Consecutive Quarter of Growth - American Gaming Association (americangaming.org)
Americans legally wagered $30.3 billion on sports [in Q3 2024], generating $3.24 billion in quarterly revenue (+42.4% YoY). Recent market launches in Kentucky, Maine, North Carolina and Vermont contributed to this growth.

According to a press release by the American Gaming Association (always working to improve the lives and morals of Americans), “Americans wagered 30.3 billion on sports” in Q3 2024. [American Gaming Association] This of course only counts legal sports betting,  for example bets like those placed on the official gambling app of our nation’s capital. According to the press release, this legal sports gambling “generat[ed] $3.24 billion in quarterly revenue (+42.4 YoY).” I noted while reading the summary that “legal sports betting” generated more revenue than iGaming in Q4 2024 ($3.24 billion vs $2.08 billion) but substantially less than “[t]raditional brick-and-mortar casino gambling” ($12.28 billion). However, both sports betting and iGaming saw significant YoY increases (the latter was +30.3 YoY) while traditional gambling saw a tiny contraction (-0.9 YoY).

Posted on
by
Best Of 2024: A Trip To Machida, The Real-Life 'Pallet Town' That Inspired Pokémon by Tokyo Game Life (Nintendo Life)
[Machida's] most famous tourist attraction is not Pokémon-related at all. Machida Squirrel Garden is a small petting zoo that features over two hundred squirrels that live in colourfully painted houses. You can even feed and pet the squirrels, though don’t be surprised if they dart off after filling their bellies.

According to animal cafes[dot]com, the Machida Squirrel Garden not only hosts “[h]undreds of adventurous squirrels,” but also “a guinea pig village housing at least a hundred guinea pigs, and some fenced-in pens inhabited by rabbits, small tortoises, chipmunks, and prairie dogs.” [animalcafes.com] I’m sold.

(PS: Don’t tell the New York State Department of Environmental Conservation about this place.)

Posted on
by

I regularly receive unsolicited “cooperation” and “collaboration” offers at my New Leaf Journal email. I receive these despite explicitly stating on our contact page that I am not interested in these offers. Something struck me as odd about how these unsolicited emails are worded. Today, I received a follow-up email from someone claining to be an SEO Outreach Specialist seeking to cooperate with a company he represents “in the SportsBook and Casino industry.” I ignored the original email. The follow-up email, which I will also ignore, asks whether I “got” the previous email. What strikes me as odd is how both emails conclude:

Reply with ‘Unsubscribe’ so you don’t hear from us again.

For one, why would a casino “cooperation” offer be sent pursuant to a subscription. For two, why would I unsubscribe from something I never subscribed to? I wish the spammers made more of an effort to make sense.

Posted on
by

I assumed without checking that I could switch between two accounts in the Element desktop app on Linux. This turned out to not be the case. However, the Ubuntu Community posted a useful guide detailing several workarounds. I tested the first workaround. Assuming you are using the Element desktop client, open Element with your already-established profile. Then go into the console and run:

element-desktop --profile account2

This will open up a second instance of Element where you can sign into a second account or create a new account. If you want to use your second account, simply launch it from the console using the above command. This is a neat solution. I tip my hat to Ubuntu Community for the very clear and concise guide.

Posted on
by

I had been using my Google Pixel 3a XL for reading feeds and web browsing (my “phone phone” is a Google Pixel 6a with GrapheneOS). I switched from LineageOS to DivestOS on my Pixel 3a XL several months ago. Today, I learned that DivestOS is being discontinued. I had originally purchased the Pixel 3a XL when I was still daily driving a Murena Teracube 2e with the intent of using it to run Ubuntu Touch, but I failed on the install and went with LineageOS instead (that was before switching to DivestOS). I figured with DivestOS dead, I would go back to the original plan. This time I successfully installed the correct version of Android per the Ubuntu Touch instructions, went into the Ubuntu Touch installer to install Ubuntu Touch, and installed Droidian (wait what?). I never heard of Droidian until 10 minutes ago, but it installed and looks neat. We’ll see…

Posted on
by

My go-to weather app on my GrapheneOS-powered Google Pixel 6a phone (GrapheneOS is a free and open source security-focused fork of Android Open Source Project) is Breezy Weather. Breezy Weather is open source and available on GitHub, Google Play Store, and F-Droid. I use F-Droid Basic as my app store. There are two flavors of Breezy Weather: Standard and Libre. The difference between them is that the standard version supports non-free weather providers. In most standard vs libre app cases, I opt for libre. However, in the case of Breezy Weather, I want standard because Accuweather is the best weather provider for my area. F-Droid itself has the libre version. Does this mean that there is no hope for me but to obtain the standard APK from GitHub or to use the Google Play Store? Not so! The IzzyOnDroid F-Droid repository has the standard version of Breezy Weather. Thus, all I need to do is enable IzzyOnDroid in F-Droid Basic and then select it instead of F-Droid as my preferred source for Breezy Weather.

Posted on
by

Amazon is selling the Google Pixel Tabel for $280. It supports GrapheneOS and I have been tempted to buy one because my preferred feed reading set-up uses Handy Reading (a free and open source Android feed reader) and the Pixel tablet would be a reading upgrade over my Google Pixel 3a XL (running DivestOS, my main “phone” is a Pixel 6a running GrapheneOS). But $280 is still steep. I just can’t quite get there. We’re sticking with the 3a XL for reading, although I need to work on a more ergonomic reading set-up to avoid right hand cramps.

Posted on
by

I opened X a few days ago to check my profile. Instead of taking me to my profile (I have a special social browser profile where I stay logged in), X told me that I was suspicious and made me complete two very annoying CAPTCHAs to prove I was a person. After getting back into my account, I was told to review X’s rules (no clue as to what “rule” was violated). Then I had to log out and in again to interact with the UI. Everything was back to normal the next day. I only use X to post links to my articles (which is similar to how I use Mastodon, Bluesky, Minds, and NOSTR), so “losing” the account would not have been a serious problem like being blacklisted by Bing for the better part of a year was. But consider my story a cautionary tale for anyone who relies on third-party social media platforms (open source, proprietary, or other) as their primary or, worse yet, sole online presence. Focus on building your online home and then use third-party social media to invite others to visit.