BuoyantCitrus

While perusing some coffee to buy from my favourite roaster that also is extremely transparent about pricing, this caught my eye:

$7.35 USD per lb including $0.65 USD per lb "reciprocal" tariff placed on Ethiopian imports. * This coffee entered the US before being imported into Canada.

Hm. Seems the niche importer they worked with to access these particular beans was American. Since we're a small market, I suspect this kind of thing is going to be happening a lot.

I got an initial take from an LLM and apparently the company importing from Ethiopia and re-exporting to Subtext is eligible for a refund on the duty (a "drawback") but a big, um, drawback of that is that it's fairly onerous:

• Many importers use a drawback specialist or broker because the paperwork is complex; fees are usually contingency-based (e.g. 20–30% of the recovered duty).
• For small, irregular shipments, filing costs often outweigh the refund, so many small importers simply don’t bother.
• For large distributors or commodities with steady re-export flows, drawback is routine and worthwhile.

Curious if anyone has similar anecdotes or run across an attempt to quantify this sort of trade flow and effect of US tariffs? I wonder if the impact of this across every little thing adds up to a meaningful amount of inflation?

Two parts that stuck out for me were:

"There's no hiding from it. They can turn your phone into a camera. They can turn it into a microphone. You can turn the power off, they can still use the device. It's the most intrusive thing that exists in the world today."

and

He also learned from the April 2023 affidavit that the RCMP had ordered an ODIT on his union phone during the time he was engaged in collective bargaining conversations that year. He says this breached not only his privacy, but the privacy of some 19,000 union members.

It's concerning what a few billionaires are doing but there are way more of us so if everyone is doing small things it can add up.

One easy one is noticing where businesses you deal with get their boxes. My favourite coffee roastery used to use Uline boxes but is switching suppliers after they learned the back story on those guys: https://www.propublica.org/article/uline-uihlein-election-denial

What are some other small ways you've found to push back on the attempted coup of our southern neighbour?

I've blithely assumed that backups / snapshots of my home dir (including my Thunderbird profile) were covering my email. But it occurs to me it may be more difficult than expected.

I have message synchronization on for any folders I care about ("for offline use"). What I was assuming this meant was that if my mail host disappeared or mysteriously deleted an important folder, I would still be able to switch to a backup, start TB in offline mode (via a commandline parameter), and copy those folders to a local folder at which point I could reconnect and drag them back to my new host, a local imapd I use as an archive, or wherever.

But ...would that actually work? Anyone recover email from offline folders? How'd that go?

Edit:

Well, there can never be too many reminders to verify our backups and I'm all for that but that's less what I was after. I was specifically thinking about the scenario when an IMAP host somehow loses an important folder or disappears entirely. How would it go to recover from a sync'd folder in tb? What caveats would there be? Would attachments show up?

But ya, this post was silly, it's easy enough to try. Yes it works, yes the attachments come with. No major issues in my limited test.

However, I did learn one annoying thing: there is no command line option to start Thunderbird in offline mode. So in the case where the folder was deleted on IMAP I'd either have to:

• disconnect from the network before running the app
• quickly toggle offline before it finishes connecting and deleting the folder
• use the pref to prompt if you want to go online every time you start

I think for as rare a scenario as this is it's fine to just disconnect but I'm a bit surprised it really doesn't seem to have a flag for it.

I know it's my fault for believing what my neglected laptop told me about its battery but I went ahead an did a kernel update anyway and wound up needing to repair my system.

After a quick search I wound up on https://wiki.debian.org/GrubEFIReinstallOnLUKS per usual.

The biggest hassle of this is having to type out the longish for loop to bind the various vfs to the chroot environment. It was bad enough when it was proc/sys/dev but it's worse these days:

for i in /dev /dev/pts /proc /sys /sys/firmware/efi/efivars /run; do sudo mount -B $i /mnt$i; done

I realise there are various things that'd automate that if I connected the rescue image to the internet and added a package but that's also hassles as I've really just booted it with the express purpose of reinstalling grub.

But maybe there is already some form of shortcut for this in the system that I've missed? Or some existing ticket/effort to enact one I could +1?

My Keychron Q11 showed up recently and I've been super happy with it. Main reason was that my Noppoo Choc Mini finally lost a switch and I don't have any on hand (nor a soldering iron ...yet) but it turns out I actually really wanted the pair of rotary encoders on this and didn't even realise.

Specifically, I've got it bound to Ctrl-PgUp/PgDown so I can scroll through my tabs with it and close them with a click binding to Ctrl-W and that's working out really well.

Anyone else use the knobs like that? I've got the other one set to volume and the vendor had zoom as a suggestion but I wonder what else people do with these?

Bonus newb Q: On the product page they demonstrate binding Ctrl-+ zooming to the encoder via a macro but neither macro13 nor the {KC_LCTL,KC-W} type syntax would let me click "Confirm" when trying to associate it to the knob in Via (eg. it wouldn't let me follow their example). Luckily it was happy with the alternative of LCTL(KC_W) that I stumbled on somewhere but now I wonder how to properly associate a macro to a knob?

Last time I needed to add rf to a desktop, Intel AX200 seemed like the chipset to get. But now there are various new standards and the BE200 apparently has issues with AMD systems? So is there something newish from Qualcomm or others that I should be aiming for or would I probably be better off just picking up an AX210?

Since the card might be kicking around a while I'm curious what has the best overall Linux support with as many significant 802.11 standards and Bluetooth codecs as possible for general future-proof-ness. Would also be nice if it had good support for AP mode as that's sometimes handy or I might repurpose it into a router at some point.

Apparently, while it's closed for new donations, liberapay is still going to renew existing ones.

cross-posted from: https://lemmy.ca/post/1926125

Too many perfectly usable phones are put into a questionable security situation by lack of vendor support for keeping key software up to date.

But what's the actual risk of using an Android phone on a stock ROM without updates? What's the attack surface?

It seems like most things that'd contact potentially malicious software are web and messaging software, but that's all done by apps which continue to receive updates (at least until the android version is entirely unsupported) eg. Webview, Firefox, Signal, etc.

So are the main avenues for attack then sketchy apps and wifi points? If one is careful to use a minimal set of widely scrutinised apps and avoid connecting to wifi/bluetooth/etc. devices of questionable provenance is it really taking that much of a risk to continue using a device past EOL?

Or do browsers rely on system libraries that have plausible attack vectors? Perhaps images, video, font etc. rendering could be compromised? At this point though, that stack must be quite hardened and mature, it'd be major news for libjpg/ffmpeg to have a code-execution vulnerability? Plus it seems unlikely that they wouldn't just include this in webview/Firefox as there must surely be millions of devices in this situation so why not take the easy step of distributing a bit more in the APK?

I'm not at all an Android developer though, perhaps this is very naive and I'm missing something major?

Too many perfectly usable phones are put into a questionable security situation by lack of vendor support for keeping key software up to date.

But what's the actual risk of using an Android phone on a stock ROM without updates? What's the attack surface?

It seems like most things that'd contact potentially malicious software are web and messaging software, but that's all done by apps which continue to receive updates (at least until the android version is entirely unsupported) eg. Webview, Firefox, Signal, etc.

So are the main avenues for attack then sketchy apps and wifi points? If one is careful to use a minimal set of widely scrutinised apps and avoid connecting to wifi/bluetooth/etc. devices of questionable provenance is it really taking that much of a risk to continue using a device past EOL?

Or do browsers rely on system libraries that have plausible attack vectors? Perhaps images, video, font etc. rendering could be compromised? At this point though, that stack must be quite hardened and mature, it'd be major news for libjpg/ffmpeg to have a code-execution vulnerability? Plus it seems unlikely that they wouldn't just include this in webview/Firefox as there must surely be millions of devices in this situation so why not take the easy step of distributing a bit more in the APK?

I'm not at all an Android developer though, perhaps this is very naive and I'm missing something major?