What a delightful little question!

Thanks. I ran into it in a real life situation, and was surprised that the answer is so nuanced. It had me questioning my sanity for a while. :)

In a previous job I worked for a site doing natural language parsing on recipes.

We noticed one of our partner websites had an unusual number of unique ingredients. It turned out every ingredient was a link to another recipe to make that ingredient, along the lines of your idea.

However for some reason (presumably SEO) they took this to the extreme and everything was a recipe. Including apples.

The recipe for “apple” is

1. Take 1 Apple

2. Eat and enjoy

But since Apple is a prerequisite for this recipe, infinite looping is a risk in the kitchen now

This couldn’t have been better timed for me.

I sit with a pile of raspberry Pis I throw into different rooms about the house and want to stick assorted tasks on them. My open question was how can I just image them, plug them in and centrally configure what runs on them with no more sd card or Mac detection shenanigans when I change their job.

I’ll be giving this a try!

If lldp proves inconvenient, pi's also have a unique cpu-id, which can be found in /proc/cpuinfo

I think something similar exists on most processors

How does cpu-id map to physical location? If I move it from a closet on the first floor, to a rack in the basement, how does knowing the cpu-id help?

You would use CPU id by having the vanilla image display its ID (or perhaps some more humanly readable derived name) until assigned something to display. It won't know that it's moved, that's an advantage of the port method.

I mentioned it because the OP was going to use Mac addresses in a similar way, and only didn't because the Mac addresses of her machines were unstable.

I think it’s not a nation state actor thing. In 2018 British airways checkout got popped by a JavaScript being library being changed to eavesdrop credit cards. The same thing could easily happen with password forms

Granted they didn’t break the session in flight, but there is a low bar to achieve the same thing

> - Eavesdropping on you, doesn't happen because you use the password manager's autofill.

I rate this more likely and it’s one reason I still use TOTP stored in the same place as the password for other services.

A lot of sites are susceptible to cdn JavaScript compromises, and at least with TOTP stored in the same place as the password, a password replay attack has a very tight window of usability

If I am not misunderstanding (sorry if I am) it sounds like you use the http challenge where your cert provider tries to GET your challenge file — if so, could the DNS challenge be better suited? There, you put the challenge in a TXT record value

You got it, but your solution won't work because of one detail: I can not use the DNS challenge because I am running a managed service provider, and my customers are the ones who own the domain. All I can do is ask them "please add a CNAME to my gateway", and I need to figure out everything else on my side.

Sounds like you're looking for Caddy's On-Demand TLS, then. No other server or ACME client does this. https://caddyserver.com/docs/automatic-https#on-demand-tls

ACME supports Delegated Domains for DNS01:

    _acme-challenge.customer.com IN CNAME _acme-challenge.your-automated-domain.org.

That sounds interesting. Do you literally mean that I should use _acme_challenge or were you giving an example?

In concrete terms: to set up an instance for a customer, I've been asking them to set their domain with a CNAME to "gateway.communick.host", where I have traefik already configured with one TLS HTTP resolver and one DNS resolver. and I've been using the HTTP resolver one. Are you saying that I can just configure to use the DNS resolver and it will work, or do I need to tell my customers to add another record for the delegation to work?

It might not be suitable for your use case but, have you tried ACME DNS challenge delegation to a different one hosted by yourself?

Not clear if it was message interception or (maybe more likely) Snapchat have their own moderation that can refer outward. The text is not e2e encrypted

Snapchat boast about having a small turnaround for threats that they proactively scan for and forward to law enforcement.

There is no mystery or need for intelligence skullduggery here.

so in other words there is no e2e encryption?

Do they claim it is?

The telegram group has a bunch of people (including myself) willing to mail pre-made ones, or the unsoldered PCBs for self solder.

It has become quite a community around the software and breakout hardware in itself

Sadly not my region. Maybe I'm 2024 able to get one.

I had a problem with Zen recently-ish too. Ultimately was an Openreach thing at the local exchange apparently. The good Zen support was still ultimately there, but it took a little time for things to fall into place. Standard L1 checklist inflation. Thankfully though Zen are one of the few ISPs where I felt like it was worth it to send packet traces because a decent chunk of folks there would know what they are.

On the other hand, I think any ISP at the mercy of openreach is doomed to have limited support.

I have fibre to the property, and was having periods of 1hr-2hr day of my gigabit speeds dropping to 4-5MB. openreach themselves were blindly sending engineers to look for an issue that couldn’t physically be at my house.

Not much you can do there either as an ISP or as a customer besides wait for openreach to figure out they’re wasting their own time

Too simple of a model. If you used non industrial agriculture it would be mostly correct but industrial agriculture and fertilizer use consumes vast amounts of petroleum products so that’s where the issue lies

What % of the carbon of the plant is fertilizer production?

One word: Fertilizer.

Fertilizer itself isn’t carbon. Are you referring to the fertilizer production line or fertilizer itself