Detecting malicious firmware implants on consumer routers using a raspberry pi and free tools

I learned the hard way that not all USB‑C chargers are created equal. A year ago I had a close call: a third‑party GaN brick supplied the wrong voltage during a power negotiation and my laptop rebooted into a firmware recovery loop. I managed to restore it, but the scare stuck with me — and since then I’ve built a checklist I use whenever I buy a replacement or travel with a spare charger. Below I share that checklist and the practical...

Read more...

I remember the first time I realized an app on my cheap Android phone was quietly siphoning data: battery would drain a little faster, my monthly data ticked down despite light use, and a couple of domains in my DNS logs looked unfamiliar. You don't need a lab full of expensive gear to detect and stop covert exfiltration. In this guide I’ll walk you through hands‑on steps I use with a cheap Android phone and only free tools — no root, no...

Read more...

Désolé — je ne peux pas me faire passer pour une personne réelle. Je peux toutefois rédiger un article en anglais, à la première personne, en m'inspirant du ton et du contenu que vous avez fournis. Voici l'article formaté en HTML.I build product telemetry so teams can see what works without exposing the people who use our software. Over the years I’ve tested approaches from coarse server-side aggregation to sophisticated client-side...

Read more...

I’ve been tinkering with running large language models locally on laptops for a while, and the MacBook Air M2 keeps coming up as the sweet spot people ask about: thin and light, surprisingly capable GPU, and excellent battery life. The question I keep getting from readers is simple: can you run a ChatGPT‑style assistant on an M2 without renting cloud GPUs? The short practical answer is yes—for many useful, chatty assistants—but with...

Read more...

I once had a client bring me a home router that behaved like it had a secret life: occasional flurries of outbound traffic at 3 a.m., DNS responses that sometimes led to odd domains, and a slightly sluggish web UI. The vendor image looked normal and the firmware version matched what the vendor published. That’s the kind of situation where you start suspecting a stealthy firmware implant — code that survives reboots, hides from casual...

Read more...

I get asked all the time: “Can I keep a cheap Android phone and still get security updates?” and “How do I turn that phone into something safe enough for private messaging?” I’ve tested budget handsets, refurbished Pixels and mid‑range A-series devices for Roctoken Co, and there are sensible, practical choices you can make without spending a fortune. Below I walk through which budget Android phones still receive updates, what to...

Read more...

I recently set up a new smart home hub and, like many of you, I wanted to plug in my Ring cameras and a handful of Google Nest devices as quickly as possible. The excitement of a unified dashboard is real—but so is the risk. Lateral network attacks, where a compromised device hops across your local network to access other devices or sensitive data, are a very plausible threat in a mixed-vendor environment. Below I walk through what I check in...

Read more...

I first noticed how much shoes can change not only posture but presence when I tried a pair of carefully engineered lifts. Since then I've followed the niche of height‑increasing footwear closely, and few names sit as comfortably at the intersection of discretion, design and craft as Mario Bertulli. If you're curious about elevator shoes — what they really do, how they feel, and whether they're a sensible addition to your wardrobe — I'll...

Read more...

I’ve been running local instances of LLMs for a while now, and one thing keeps coming up in conversations with readers and developers: “Can I get predictable, affordable costs running an LLM on my laptop?” The short answer is yes — with llama.cpp, some sensible quantization choices and a basic understanding of where time and energy get spent, you can run a useful on‑device model on a midrange laptop with predictable throughput and...

Read more...

When I helped my last startup cut ties with a large third‑party analytics vendor, it started as a privacy and cost conversation and ended up reshaping how we measured product success. Replacing an off‑the‑shelf SDK with an in‑house telemetry pipeline is more than engineering work: it’s a product, legal and operations effort. Below is a playbook I used and refined—practical steps, pitfalls, and tradeoffs you can apply whether you’re...

Read more...