<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: v. Splicer</title>
    <description>The latest articles on DEV Community by v. Splicer (@numbpill3d).</description>
    <link>https://dev.to/numbpill3d</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1890803%2Fcad0d65c-d245-49cd-a357-f94d50b89379.gif</url>
      <title>DEV Community: v. Splicer</title>
      <link>https://dev.to/numbpill3d</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/numbpill3d"/>
    <language>en</language>
    <item>
      <title>I Put a Hailo 8 in a Handheld and Stopped Paying for Inference</title>
      <dc:creator>v. Splicer</dc:creator>
      <pubDate>Tue, 14 Jul 2026 22:23:02 +0000</pubDate>
      <link>https://dev.to/numbpill3d/i-put-a-hailo-8-in-a-handheld-and-stopped-paying-for-inference-3ih7</link>
      <guid>https://dev.to/numbpill3d/i-put-a-hailo-8-in-a-handheld-and-stopped-paying-for-inference-3ih7</guid>
      <description>&lt;p&gt;&lt;em&gt;Cloud AI is a subscription trap. I built an exit that fits in my jacket pocket and runs at 3 watts.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;I got tired of paying rent to think.&lt;/p&gt;

&lt;p&gt;Every cool demo now ends the same way. Sign up for an API key. Add your credit card. Watch your tokens evaporate while someone else logs your prompts. I wanted a device that could see, understand, and reason without phoning home to a data center in Oregon. So I jammed a 26 TOPS AI accelerator into a handheld computer and cut the cord for good.&lt;/p&gt;

&lt;p&gt;This is how I did it, what broke, and why you should probably do it too.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Inference Tax Is Killing Your Projects
&lt;/h2&gt;

&lt;p&gt;We normalized something insane. We took the most personal computing tasks imaginable, like looking at your own photos, transcribing your own voice notes, detecting objects in your own backyard, and decided the best way to do it was to stream it to a corporation.&lt;/p&gt;

&lt;p&gt;It is not just the money, though the money is offensive. Five dollars here for vision, twenty dollars there for embeddings, another fifty when your side project gets a little traction. It is the fragility. Your robot stops working when the WiFi does. Your field tool stops working when the vendor changes pricing. Your privacy focused app is not private at all because it sends every frame to an endpoint you do not control.&lt;/p&gt;

&lt;p&gt;I was building a pocket recon tool for hardware work. It needed real time object detection, license plate blur, and later, local visual question answering. On cloud APIs that meant latency, cost, and a paper trail I did not want. Locally on a Pi 5 CPU it meant about 2 frames per second and a CPU that thermal throttled into sadness.&lt;/p&gt;

&lt;p&gt;I needed dedicated silicon. Not a giant GPU. A scalpel.&lt;/p&gt;

&lt;h2&gt;
  
  
  Enter the Hailo-8, the Chip That Should Not Exist at This Price
&lt;/h2&gt;

&lt;p&gt;If you have not played with one, the Hailo-8 is weird in the best way. It is an M.2 2242 or 2280 module that looks like an SSD, draws about 2.5 to 3 watts under load, and claims 26 TOPS. That number is INT8 and peak, but even with real world overhead it absolutely smokes any CPU or integrated GPU in this power envelope.&lt;/p&gt;

&lt;p&gt;More importantly, it is built for the edge. It does not want a fan the size of your head. It wants a PCIe lane and a job to do. Object detection, pose estimation, segmentation, depth, face recognition, CLIP embeddings, small vision transformers. All the stuff you were paying OpenAI or Google to do for you at 500ms per request.&lt;/p&gt;

&lt;p&gt;I paired it with a Raspberry Pi 5 8GB. Not because the Pi 5 is the most powerful board on the planet, but because it is available, it has a real PCIe lane exposed via FPC, and the community has already solved the boring problems like power and NVMe.&lt;/p&gt;

&lt;p&gt;My base became:&lt;br&gt;
&lt;strong&gt;Pi 5 8GB&lt;/strong&gt; with active cooler&lt;br&gt;
&lt;strong&gt;Pimoroni NVMe Base&lt;/strong&gt; with 1TB NVMe for models and datasets&lt;br&gt;
&lt;strong&gt;Hailo-8 M.2 M key module&lt;/strong&gt; on the NVMe base or via a PCIe switch&lt;br&gt;
&lt;strong&gt;Waveshare 4.3 inch DSI touchscreen&lt;/strong&gt; or a similar handheld shell&lt;br&gt;
&lt;strong&gt;10000mAh PD battery&lt;/strong&gt; with 5V 5A output&lt;br&gt;
&lt;strong&gt;PiSugar or custom UPS&lt;/strong&gt; for clean shutdowns&lt;/p&gt;

&lt;p&gt;Total cost, around $220 to $280 depending on how much you scavenge. Less than six months of mid tier cloud inference if you actually use your tools.&lt;/p&gt;

&lt;p&gt;If you want the exact wiring, thermal pad layout, and which NVMe HATs actually expose both an NVMe slot and an M.2 E key for the Hailo without fighting for lanes, I put all of that in the &lt;strong&gt;&lt;a href="https://numbpilled.gumroad.com/l/offline-ai-cyberdeck-pack" rel="noopener noreferrer"&gt;Offline AI Cyberdeck Pack&lt;/a&gt;&lt;/strong&gt;. It covers the Pi 5 NVMe build, the Hailo-8 integration, the Pico W sidekick for keyboard and sensor input, and the cluster setup if you want to add a second Pi later. It saved me about three dead M.2 adapters.&lt;/p&gt;

&lt;h2&gt;
  
  
  Building a Handheld That Does Not Feel Like a Science Project
&lt;/h2&gt;

&lt;p&gt;Most cyberdeck builds look like a bomb from a bad movie. Wires everywhere, bare PCBs, and a prayer holding the battery on. I wanted something I could actually carry.&lt;/p&gt;

&lt;p&gt;I printed a split case in ASA, two piece clamshell, with vents directly over the Pi 5 active cooler and the Hailo module. The Hailo-8 gets hot but not screaming hot, you just need to give it a thermal pad to the case or a small copper shim. I used a 1.5mm soft pad to the aluminum NVMe heatsink and dropped 18C instantly.&lt;/p&gt;

&lt;p&gt;Power is the real design constraint. The Pi 5 is picky. If you feed it saggy 5V it will throttle and mock you. I used a PD trigger board set to 5V 5A from a 20V PD bank, not a cheap USB power bank that droops to 4.6V under load. Stable power equals stable PCIe, which equals the Hailo not disappearing mid inference.&lt;/p&gt;

&lt;p&gt;OS wise, I ran Raspberry Pi OS Lite 64 bit, kernel 6.6, with HailoRT 4.18. The driver install is painless now. It was not a year ago. The model zoo is actually useful. YOLOv8m, YOLOv8 pose, MobileNet, ArcFace, all pre compiled for the Hailo. For custom models you compile with their Dataflow Compiler, which runs in Docker and does take some learning.&lt;/p&gt;

&lt;p&gt;The moment it clicks is when you run &lt;code&gt;hailortcli run yolov8m.hef&lt;/code&gt; and see 120+ FPS on a chip that uses less power than your keyboard backlight. That is when you realize you have been scammed.&lt;/p&gt;

&lt;h2&gt;
  
  
  Software Hell Is Where the Fun Lives
&lt;/h2&gt;

&lt;p&gt;Hardware is easy. Software is where most people quit and go back to paying Sam Altman $20 a month.&lt;/p&gt;

&lt;p&gt;You have to rethink your pipeline. You are not calling an endpoint anymore. You are building a dataflow.&lt;/p&gt;

&lt;p&gt;My stack looks like this:&lt;/p&gt;

&lt;p&gt;Camera via &lt;code&gt;libcamera&lt;/code&gt; or &lt;code&gt;picamera2&lt;/code&gt; -&amp;gt; preprocessing on CPU with zero copy where possible -&amp;gt; Hailo inference -&amp;gt; postprocessing with NumPy or in C++ if you need the speed -&amp;gt; results fed to a local LLM or to on screen overlays.&lt;/p&gt;

&lt;p&gt;For vision language stuff I run a quantized LLaVA or Moondream 2 on the Pi 5 CPU with llama.cpp, but the image embeddings come from the Hailo. That hybrid setup is magic. Hailo does what it is best at, heavy parallel tensor math, CPU does what it is best at, sequential logic and token generation. Latency for “what am I looking at” went from 1.8 seconds round trip to cloud, to about 0.4 seconds fully offline.&lt;/p&gt;

&lt;p&gt;Yes, you will live in the terminal. You will fight GStreamer. You will learn more about &lt;code&gt;hailo_platform&lt;/code&gt; than you ever wanted. That is the point. You stop being a prompt engineer and start being an operator again.&lt;/p&gt;

&lt;p&gt;I consolidated my whole flow for this, dotfiles, udev rules, &lt;code&gt;hailort&lt;/code&gt; service files, bash wrappers for model swapping, into a setup I now reuse for every build. If you hate debugging drivers for three hours only to realize you forgot &lt;code&gt;dtparam=pciex1&lt;/code&gt;, the &lt;strong&gt;&lt;a href="https://numbpilled.gumroad.com/l/terminal-operator-pack-v2" rel="noopener noreferrer"&gt;Terminal Operator Pack&lt;/a&gt;&lt;/strong&gt; is literally that system. It is Black Terminal, Seamless Terminal, Bash Necromancer, Defensive Scripters, and Scriptkit in one place. It turns the Pi from a toy into a workstation you can actually operate in the field without wanting to throw it.&lt;/p&gt;

&lt;h2&gt;
  
  
  What 26 TOPS in Your Pocket Actually Feels Like
&lt;/h2&gt;

&lt;p&gt;Let me be specific because vague promises are for AI startups.&lt;/p&gt;

&lt;p&gt;On battery, handheld, no fan screaming:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;YOLOv8m 640x640:&lt;/strong&gt; 130 to 145 FPS, person, car, tool detection rock solid&lt;br&gt;
&lt;strong&gt;YOLOv8s Pose:&lt;/strong&gt; 90 FPS, full skeleton tracking that works in a dim garage&lt;br&gt;
&lt;strong&gt;CLIP ViT-B/32 embeddings:&lt;/strong&gt; ~400 images per second for local semantic search of your own photos&lt;br&gt;
&lt;strong&gt;Face recognition with ArcFace:&lt;/strong&gt; Sub 40ms gallery search against 5k local faces&lt;br&gt;
&lt;strong&gt;License plate detection plus blur:&lt;/strong&gt; Real time at 720p with headroom left&lt;/p&gt;

&lt;p&gt;And because it is local, I can chain models with zero API penalty. Detect person, crop, run pose, run face blur, run action classification. In the cloud that would be four billable calls and a second of added latency. Locally it is one frame pipeline that costs nothing after the hardware.&lt;/p&gt;

&lt;p&gt;The killer app for me was not any single model. It was composability. I built a mode for hardware walks. It detects electronics, reads chip markings with a small OCR model, looks up pinouts from a local offline database, and overlays the info. All offline. In a Faraday bag if I want to be dramatic about it.&lt;/p&gt;

&lt;p&gt;Try doing that with GPT-4V without your data ending up in a training set.&lt;/p&gt;

&lt;h2&gt;
  
  
  You Are Not Paranoid If Your Camera Feed Is Actually Leaving Your House
&lt;/h2&gt;

&lt;p&gt;Here is the part people do not want to say out loud. If your security camera, your baby monitor, your workshop camera, or your recon tool needs the internet to understand what it sees, it is not your tool. You are the product and the data source.&lt;/p&gt;

&lt;p&gt;Moving inference local is not just a performance trick. It is a privacy boundary. No telemetry. No retention policy you have to trust. No “we may use your inputs to improve our models” clause buried in paragraph 47.&lt;/p&gt;

&lt;p&gt;When I switched to local, I also locked down the whole device. No mDNS leaking hostname, no Avahi, randomized MAC on boot for field work, encrypted NVMe partition for models and captures, metadata stripped on export by default. It sounds like overkill until you realize your handheld now holds hours of video of private spaces.&lt;/p&gt;

&lt;p&gt;This is the stack that finally made my offline setup airtight. The &lt;strong&gt;&lt;a href="https://numbpilled.gumroad.com/l/privacy-opsec-stack" rel="noopener noreferrer"&gt;Privacy/Opsec Stack&lt;/a&gt;&lt;/strong&gt; covers Nukepack, Ghost Mode, OSINT Pivots, Metadata handling, and the AI Native OSINT workflows. I use the Ghost Mode boot profile and the metadata stripping scripts from it on every cyberdeck I build now. If you are going to stop paying for inference to own your compute, you might as well own your footprint too.&lt;/p&gt;

&lt;h2&gt;
  
  
  Should You Build This
&lt;/h2&gt;

&lt;p&gt;If you love paying per token and you think latency is charming, no.&lt;/p&gt;

&lt;p&gt;If you want a device that works on a plane, in a basement, in the woods, in another country, at a protest, on a client site with no guest WiFi, then yes. Build it.&lt;/p&gt;

&lt;p&gt;You will learn more about real AI deployment in one weekend of fighting PCIe lane configs and model quantization than you will in a month of calling APIs. You will end up with a tool that does not care if OpenAI is down, if your account gets flagged, or if a vendor decides your use case is no longer allowed.&lt;/p&gt;

&lt;p&gt;The cloud is great for training giant models. It is terrible for using them every day.&lt;/p&gt;

&lt;p&gt;My handheld now lives in my bag next to my Flipper and my notebook. It boots in 11 seconds. It does not ask me to log in. It does not show me ads. It just sees.&lt;/p&gt;

&lt;p&gt;I put a Hailo 8 in a handheld and stopped paying for inference. You can keep your API key. I will keep my TOPS.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>programming</category>
      <category>tutorial</category>
      <category>machinelearning</category>
    </item>
    <item>
      <title>The OSINT Workflow That Finally Made My Notes Useful</title>
      <dc:creator>v. Splicer</dc:creator>
      <pubDate>Tue, 14 Jul 2026 22:21:34 +0000</pubDate>
      <link>https://dev.to/numbpill3d/the-osint-workflow-that-finally-made-my-notes-useful-3cjp</link>
      <guid>https://dev.to/numbpill3d/the-osint-workflow-that-finally-made-my-notes-useful-3cjp</guid>
      <description>&lt;p&gt;&lt;em&gt;I had 3,124 notes, zero answers, and a search bar that felt like gaslighting me.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;For two years my OSINT system was a digital hoarding problem with better fonts. Every username, every breach paste, every weird subdomain I found at 2am went into Obsidian. I had folders. I had tags. I had a graph view that looked like someone sneezed on a spiderweb.&lt;/p&gt;

&lt;p&gt;Then a client asked a simple question: what did you find on this person last month?&lt;/p&gt;

&lt;p&gt;I had everything and I could find nothing. That was the moment I understood my notes were not a system. They were a junk drawer I was pretending was an archive.&lt;/p&gt;

&lt;p&gt;This is the workflow that fixed it. Not a new plugin. Not a new app. A different way of thinking about what a note is actually for.&lt;/p&gt;

&lt;h2&gt;
  
  
  Your Notes Are Not a Knowledge Base. They Are a Junk Drawer
&lt;/h2&gt;

&lt;p&gt;Most OSINT advice tells you to capture everything. Save the tweet. Clip the article. Archive the domain. What it does not tell you is what to do on day 47 when you have 80 versions of the same person and you cannot remember which email was the pivot that cracked it open.&lt;/p&gt;

&lt;p&gt;We collect like we are building a library, but we investigate like we are solving a puzzle. Libraries are for browsing. Puzzles need edges, corners, and a table you can clear off.&lt;/p&gt;

&lt;p&gt;My old system failed for three reasons:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;1. I saved sources, not decisions.&lt;/strong&gt; A link to a tool output is useless without the question I asked to get it and the reason I thought it mattered.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;2. I organized by source type, not by investigation.&lt;/strong&gt; Having a folder called &lt;code&gt;usernames&lt;/code&gt; or &lt;code&gt;emails&lt;/code&gt; is like organizing your kitchen by color. Technically organized. Practically useless when you are cooking.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;3. I never defined done.&lt;/strong&gt; So notes never ended. They just grew.&lt;/p&gt;

&lt;p&gt;Useful notes have a half life. If you cannot use a note to answer a question or make a next move within 60 seconds, it is storage, not intelligence.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Workflow: Intake, Enrich, Brief
&lt;/h2&gt;

&lt;p&gt;I call it IEB. It is ugly and it works. Every piece of information goes through three distinct stages and lives in only one place at a time. No limbo.&lt;/p&gt;

&lt;h3&gt;
  
  
  1. Intake: Brutal Minimalism
&lt;/h3&gt;

&lt;p&gt;Intake is not research. Intake is triage. The rule is simple: if it takes more than 30 seconds to capture, you are doing it wrong.&lt;/p&gt;

&lt;p&gt;My intake template is five lines. That is it.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Entity:&lt;/strong&gt; who or what is this about&lt;br&gt;
&lt;strong&gt;Source:&lt;/strong&gt; where did I get it, exact URL or tool&lt;br&gt;
&lt;strong&gt;Raw:&lt;/strong&gt; the exact claim, copy pasted, no paraphrasing&lt;br&gt;
&lt;strong&gt;Question:&lt;/strong&gt; what question does this answer or create&lt;br&gt;
&lt;strong&gt;Next:&lt;/strong&gt; what does this make me want to check next&lt;/p&gt;

&lt;p&gt;No summary. No tags. No clever connections yet. I do not even link it to other notes. Intake is a cold bucket. You dump it in and you move on.&lt;/p&gt;

&lt;p&gt;This is where I broke my habit of elaborate capture. I used to spend 10 minutes making a pretty note about a single username. Now I spend 20 seconds. Speed matters because volume kills you if you let it.&lt;/p&gt;

&lt;p&gt;The tooling that finally made intake frictionless for me was stealing the structure from the &lt;strong&gt;OSINT Investigator Pack&lt;/strong&gt;. Not for the dork lists, though the Dork Bible in there is vicious, but for the Obsidian workflows that force you into that five line constraint. It has an intake template that literally will not let you add extra fields. That constraint saved me. You can find it here: &lt;a href="https://numbpilled.gumroad.com/l/osint-investigator-pack" rel="noopener noreferrer"&gt;https://numbpilled.gumroad.com/l/osint-investigator-pack&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;If your intake is slow, your whole system will be abandoned by week three. Make it stupid fast.&lt;/p&gt;
&lt;h3&gt;
  
  
  2. Enrich: Build the Pivot Map
&lt;/h3&gt;

&lt;p&gt;This is where 90 percent of people quit and start making dashboards. Do not make a dashboard.&lt;/p&gt;

&lt;p&gt;Enrichment happens once a day, 25 minutes max. I take everything in intake and ask one question: what does this connect to and can I prove it?&lt;/p&gt;

&lt;p&gt;I have one note per investigation called &lt;code&gt;pivot-map&lt;/code&gt;. It is not pretty. It is a list.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;TARGET: john.doe.92
- email john.doe.92@protonmail.com [source: breach 2021] -&amp;gt; username john.doe.92 on forum X [confirmed]
- username john.doe.92 -&amp;gt; GitHub john-doe-92 [avatar match, not confirmed]
- GitHub -&amp;gt; real name J. Doe via commit email jdoe@oldcompany.io [high confidence]
- jdoe@oldcompany.io -&amp;gt; LinkedIn / company site / phone via hunter
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Every line is a pivot with a confidence rating. Low, medium, high, confirmed. If it is not a pivot, it does not go on the map. An interesting fact about someone is not intelligence until it moves you.&lt;/p&gt;

&lt;p&gt;This is also where I stopped dorking like a tourist. I used to google &lt;code&gt;site:linkedin.com "john doe"&lt;/code&gt;. Now I run structured pivot queries. The difference between a random google dork and a pivot query is intent. One is looking. The other is testing a hypothesis.&lt;/p&gt;

&lt;p&gt;The Investigator Pack again earns its keep here. The Pivots section is a decision tree, not a list. Email to username to breach to infra. It tells you what to try next when your current pivot fails, which is most of the time. That is what turned my notes from a collection into an actual tradecraft loop.&lt;/p&gt;

&lt;p&gt;The second rule of enrichment: if you cannot verify it with a second independent source, you mark it as unconfirmed and you do not brief it. Ever. Your future self will thank you when you are not explaining to a client why you doxxed the wrong guy because of a reused avatar.&lt;/p&gt;

&lt;h3&gt;
  
  
  3. Brief: Write Like Someone Else Has to Use It
&lt;/h3&gt;

&lt;p&gt;This is the part that finally made my notes useful. Every investigation ends with a brief note, even if the investigation is just for me.&lt;/p&gt;

&lt;p&gt;A brief is not a summary. It is an answer.&lt;/p&gt;

&lt;p&gt;My brief template:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Question Asked:&lt;/strong&gt; What was the original ask&lt;br&gt;
&lt;strong&gt;Answer:&lt;/strong&gt; One paragraph, plain English&lt;br&gt;
&lt;strong&gt;Evidence:&lt;/strong&gt; 3 to 5 bullets, each with source and confidence&lt;br&gt;
&lt;strong&gt;Gaps:&lt;/strong&gt; What I still do not know&lt;br&gt;
&lt;strong&gt;Next Actions:&lt;/strong&gt; If I had two more hours, what would I do&lt;/p&gt;

&lt;p&gt;The brief is the only note I am allowed to search later. Intake gets archived weekly. Pivot maps get collapsed into the brief. If it is not in the brief, it did not happen.&lt;/p&gt;

&lt;p&gt;This feels painful at first. You will want to keep everything just in case. That just in case is the addiction talking. Intelligence is not about keeping everything. It is about being able to decide under uncertainty. A good brief forces a decision.&lt;/p&gt;

&lt;p&gt;I write my briefs in a separate vault that has zero plugins. No graph view. No dataview. Just markdown. If your system requires six plugins to read your own conclusion, you built a toy, not a tool.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Automation I Actually Use
&lt;/h2&gt;

&lt;p&gt;I used to think automation meant writing 400 Python scripts I would never maintain. Now automation means one thing: reducing the clicks between a question and a pivot.&lt;/p&gt;

&lt;p&gt;I run a local operator workstation that watches my intake folder. When I drop a domain, it auto pulls WHOIS, cert history, passive DNS, and screenshot, then appends it to the intake note as raw. When I drop an email, it runs holehe and checks breach sources. I do not touch it.&lt;/p&gt;

&lt;p&gt;I did not build this from scratch because I am lazy and honest about it. I ripped the scaffolding from the &lt;strong&gt;OpenClaw Operator Workstation&lt;/strong&gt;. It is marketed as an AI workstation, but what it actually is is a sane file structure for local agents with prewired OSINT recipes that do not phone home. I stripped out the parts I did not need and kept the file watchers and the prompt chains that turn raw tool output into that five line intake format automatically. Link here if you want to see the skeleton: &lt;a href="https://numbpilled.gumroad.com/l/openclaw-operator-workstation" rel="noopener noreferrer"&gt;https://numbpilled.gumroad.com/l/openclaw-operator-workstation&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The point is not the tool. The point is the principle. If you do the same three lookups more than five times, automate the boring part so your brain can do the enrichment. Your job is not to be a human API wrapper for Hunter and Shodan.&lt;/p&gt;

&lt;p&gt;If you live in the terminal, the companion piece is the &lt;strong&gt;Terminal Operator Pack&lt;/strong&gt;. Same philosophy, different surface. Black Terminal plus the Bash Necromancer scripts gave me the one liners that turn a list of 200 subdomains into a pivot map in under a minute without opening a browser. It is not sexy. It is fast: &lt;a href="https://numbpilled.gumroad.com/l/terminal-operator-pack-v2" rel="noopener noreferrer"&gt;https://numbpilled.gumroad.com/l/terminal-operator-pack-v2&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Pick whichever surface you actually live in. Do not build both.&lt;/p&gt;

&lt;h2&gt;
  
  
  Opsec Is Not a Chapter. It Is the Watermark
&lt;/h2&gt;

&lt;p&gt;Here is the edgy part nobody wants to hear. Most OSINT workflows are exhibitionist.&lt;/p&gt;

&lt;p&gt;You are logged into your personal Chrome profile with 30 extensions, searching a target who has Cloudflare and a grudge, while your notes sync to a cloud service that keeps version history forever. You are not investigating. You are leaving a trail of breadcrumbs back to your house with your name on them.&lt;/p&gt;

&lt;p&gt;I made opsec part of the workflow, not an afterthought.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Intake happens on a disposable VM or at least a hardened profile.&lt;/strong&gt; No personal logins. No sync.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Enrichment happens offline first.&lt;/strong&gt; I write pivots locally, then I go fetch. Not the other way around. Browsing is the noisy part.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Briefs are the only thing that ever leaves the machine.&lt;/strong&gt; And they are stripped of queries and tool artifacts.&lt;/p&gt;

&lt;p&gt;I used to treat privacy guides like paranoid cosplay until I started looking at my own metadata. Your Obsidian export contains creation times, your machine name, sometimes your location history if you clipped from mobile. Your screenshots have monitor resolution. Your PDFs have your username.&lt;/p&gt;

&lt;p&gt;The &lt;strong&gt;Privacy Opsec Stack&lt;/strong&gt; is the only bundle I have found that treats this as a workflow problem instead of a VPN sales pitch. Ghost Mode for browser isolation, Metadata for actually cleaning your artifacts, and the AI Native OSINT part for doing enrichment locally instead of pasting a target's life into ChatGPT. I run its Nukepack checklist every time I start a new investigation. Takes four minutes. Saves me from being the subject of someone else's pivot map: &lt;a href="https://numbpilled.gumroad.com/l/privacy-opsec-stack" rel="noopener noreferrer"&gt;https://numbpilled.gumroad.com/l/privacy-opsec-stack&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;You do not need to be a spy to need opsec. You just need to have once looked up someone who knows how to look back.&lt;/p&gt;

&lt;h2&gt;
  
  
  If You Steal One Thing From This Post
&lt;/h2&gt;

&lt;p&gt;Steal the brief.&lt;/p&gt;

&lt;p&gt;If you do nothing else, start writing a 150 word answer at the end of every rabbit hole. Not tomorrow. Today.&lt;/p&gt;

&lt;p&gt;Because useful notes are not about memory. They are about leverage. The value of an investigation is not how much you collected. It is how quickly you can turn what you collected into a decision someone can act on.&lt;/p&gt;

&lt;p&gt;My vault is smaller now. About 400 notes instead of 3,000. I can find anything in under a minute. I close more investigations. I get fewer of those cold sweats when a client asks a follow up.&lt;/p&gt;

&lt;p&gt;The system is not clever. That is why it survived.&lt;/p&gt;

&lt;p&gt;Intake fast. Enrich with a map, not a mood board. Brief like a professional. Automate the chores. Watermark everything with opsec.&lt;/p&gt;

&lt;p&gt;Do that for 30 days and your notes will stop being a place you hide information and start being a place that gives you answers.&lt;/p&gt;

</description>
      <category>programming</category>
      <category>productivity</category>
      <category>opensource</category>
      <category>discuss</category>
    </item>
    <item>
      <title>Writing Code to Watch the Watchers: Log Aggression and Digital Self-Defense</title>
      <dc:creator>v. Splicer</dc:creator>
      <pubDate>Fri, 10 Jul 2026 17:57:26 +0000</pubDate>
      <link>https://dev.to/numbpill3d/writing-code-to-watch-the-watchers-log-aggression-and-digital-self-defense-2fli</link>
      <guid>https://dev.to/numbpill3d/writing-code-to-watch-the-watchers-log-aggression-and-digital-self-defense-2fli</guid>
      <description>&lt;p&gt;The modern internet isn’t run by omniscient gods. It’s run by overworked sysadmins, bloated enterprise suites, and automated scrapers written by junior devs who copied code from Stack Overflow.&lt;/p&gt;

&lt;p&gt;Every time you touch a server, cross a digital perimeter, or spin up a local dev environment, an invisible army of daemons scribbles notes about you. They log your IP. They fingerprint your browser. They profile your timing. They track your habits.&lt;/p&gt;

&lt;p&gt;Most people accept this as the cost of doing business. Install a bloated commercial VPN, switch DNS to a “no logs” provider, call it a day. If you want actual digital sovereignty, flip the script: don’t just hide from the watchers, build systems that watch them back.&lt;/p&gt;

&lt;p&gt;Defensive scripting isn’t about higher walls. It’s about turning your environment into a tripwire network. If someone probes your perimeter, don’t just drop the packet. Know their ASN, their geography, and exactly how long they spent looking for an open port.&lt;/p&gt;

&lt;p&gt;Here’s how to build that.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Philosophy of the Defensive Tripwire
&lt;/h2&gt;

&lt;p&gt;Most commercial security tools are reactive. They wait for a known signature, alert a dashboard, and renew a subscription. They protect corporate networks from lawsuits, not independent operators from targeted profiling.&lt;/p&gt;

&lt;p&gt;Custom infrastructure runs on a different philosophy: aggressive observation instead of passive mitigation. Three principles drive it.&lt;/p&gt;

&lt;p&gt;Assume breach of privacy. Every public-facing endpoint you control is being scanned, right now, by hostile actors, corporate indexers, and script kiddies.&lt;/p&gt;

&lt;p&gt;Minimize your footprint. Skip the heavy frameworks. A monitoring script that needs ten Node modules and a Docker container just handed the watchers ten new attack vectors. Keep it native, raw, lightweight.&lt;/p&gt;

&lt;p&gt;Automate the back-trace. A log file sitting untouched on disk is a graveyard of missed opportunities. Code should parse incoming connections, extract metadata, and build profiles on whatever is poking at your fence.&lt;/p&gt;

&lt;p&gt;Below is a raw, zero-dependency framework for doing exactly that.&lt;/p&gt;

&lt;h3&gt;
  
  
  Phase 1: The Raw Socket Honeypot
&lt;/h3&gt;

&lt;p&gt;The easiest way to catch a watcher is to give them something tempting. Automated scanners and OSINT crawlers hit common ports: SSH (22), HTTP (80/443), database instances.&lt;/p&gt;

&lt;p&gt;Instead of closing these ports or letting a firewall silently drop traffic, run a lightweight script that mimics an open service. When something connects, don’t hand it a shell. Capture what it sends during the handshake and close the connection before it can try anything.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="c"&gt;#!/usr/bin/env bash&lt;/span&gt;
&lt;span class="c"&gt;# Tripwire daemon for target infrastructure&lt;/span&gt;

&lt;span class="nv"&gt;LISTEN_PORT&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;8888
&lt;span class="nv"&gt;LOG_FILE&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;"/var/log/watcher_tripwire.log"&lt;/span&gt;

&lt;span class="nb"&gt;touch&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="nv"&gt;$LOG_FILE&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt;
&lt;span class="nb"&gt;chmod &lt;/span&gt;600 &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="nv"&gt;$LOG_FILE&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt;

&lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"[+] Tripwire activated on port &lt;/span&gt;&lt;span class="nv"&gt;$LISTEN_PORT&lt;/span&gt;&lt;span class="s2"&gt;..."&lt;/span&gt;

&lt;span class="k"&gt;while &lt;/span&gt;&lt;span class="nb"&gt;true&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;do
    &lt;/span&gt;&lt;span class="nv"&gt;TIMESTAMP&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="si"&gt;$(&lt;/span&gt;&lt;span class="nb"&gt;date&lt;/span&gt; +&lt;span class="s2"&gt;"%Y-%m-%d %H:%M:%S.%3N"&lt;/span&gt;&lt;span class="si"&gt;)&lt;/span&gt;

    &lt;span class="c"&gt;# Listen for a single connection, grab the raw payload, timeout after 3s&lt;/span&gt;
    &lt;span class="nv"&gt;RAW_DATA&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="si"&gt;$(&lt;/span&gt;nc &lt;span class="nt"&gt;-l&lt;/span&gt; &lt;span class="nt"&gt;-p&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="nv"&gt;$LISTEN_PORT&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt; &lt;span class="nt"&gt;-w&lt;/span&gt; 3 2&amp;gt;&amp;amp;1&lt;span class="si"&gt;)&lt;/span&gt;

    &lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; &lt;span class="nt"&gt;-n&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="nv"&gt;$RAW_DATA&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
        &lt;span class="o"&gt;{&lt;/span&gt;
            &lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"========================================="&lt;/span&gt;
            &lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"TIMESTAMP: &lt;/span&gt;&lt;span class="nv"&gt;$TIMESTAMP&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt;
            &lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"RAW PAYLOAD:"&lt;/span&gt;
            &lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="nv"&gt;$RAW_DATA&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt;
            &lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"========================================="&lt;/span&gt;
        &lt;span class="o"&gt;}&lt;/span&gt; &lt;span class="o"&gt;&amp;gt;&amp;gt;&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="nv"&gt;$LOG_FILE&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt;

        &lt;span class="c"&gt;# Kick off async analysis without blocking the listener&lt;/span&gt;
        &lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="nv"&gt;$RAW_DATA&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt; | ./analyze_watcher.sh &amp;amp;
    &lt;span class="k"&gt;fi
done&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;No telemetry pipeline required. Native utilities grab the payload, dump it to a restricted log, and pass it straight to analysis.&lt;/p&gt;

&lt;h3&gt;
  
  
  Phase 2: De-Anonymizing the Scanner
&lt;/h3&gt;

&lt;p&gt;Raw connection data is only useful once you dissect it. Automated tools leave fingerprints even behind a proxy: request headers, user-agent strings, timing intervals all tell a story.&lt;/p&gt;

&lt;p&gt;analyze_watcher.sh parses that payload, pulls the origin network data, and runs it against public OSINT sources to figure out who actually owns the infrastructure probing you.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="c"&gt;#!/usr/bin/env bash&lt;/span&gt;
&lt;span class="c"&gt;# Watcher analysis engine&lt;/span&gt;

&lt;span class="nv"&gt;LOG_FILE&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;"/var/log/watcher_analytics.log"&lt;/span&gt;

&lt;span class="nb"&gt;read&lt;/span&gt; &lt;span class="nt"&gt;-r&lt;/span&gt; INCOMING_PAYLOAD

&lt;span class="c"&gt;# Pull the first IP-shaped string out of the payload&lt;/span&gt;
&lt;span class="nv"&gt;DETECTED_IP&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="si"&gt;$(&lt;/span&gt;&lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="nv"&gt;$INCOMING_PAYLOAD&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt; | &lt;span class="nb"&gt;grep&lt;/span&gt; &lt;span class="nt"&gt;-oE&lt;/span&gt; &lt;span class="s1"&gt;'[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'&lt;/span&gt; | &lt;span class="nb"&gt;head&lt;/span&gt; &lt;span class="nt"&gt;-n&lt;/span&gt; 1&lt;span class="si"&gt;)&lt;/span&gt;

&lt;span class="o"&gt;[&lt;/span&gt; &lt;span class="nt"&gt;-z&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="nv"&gt;$DETECTED_IP&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt; &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; &lt;span class="nb"&gt;exit &lt;/span&gt;0

&lt;span class="c"&gt;# Query routing data to find the owner&lt;/span&gt;
&lt;span class="nv"&gt;NETWORK_INFO&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="si"&gt;$(&lt;/span&gt;curl &lt;span class="nt"&gt;-s&lt;/span&gt; &lt;span class="s2"&gt;"https://ipinfo.io/&lt;/span&gt;&lt;span class="k"&gt;${&lt;/span&gt;&lt;span class="nv"&gt;DETECTED_IP&lt;/span&gt;&lt;span class="k"&gt;}&lt;/span&gt;&lt;span class="s2"&gt;/json"&lt;/span&gt;&lt;span class="si"&gt;)&lt;/span&gt;
&lt;span class="nv"&gt;ASN&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="si"&gt;$(&lt;/span&gt;&lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="nv"&gt;$NETWORK_INFO&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt; | &lt;span class="nb"&gt;grep&lt;/span&gt; &lt;span class="nt"&gt;-oP&lt;/span&gt; &lt;span class="s1"&gt;'"org": "\K[^"]+'&lt;/span&gt;&lt;span class="si"&gt;)&lt;/span&gt;
&lt;span class="nv"&gt;GEO&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="si"&gt;$(&lt;/span&gt;&lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="nv"&gt;$NETWORK_INFO&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt; | &lt;span class="nb"&gt;grep&lt;/span&gt; &lt;span class="nt"&gt;-oP&lt;/span&gt; &lt;span class="s1"&gt;'"city": "\K[^"]+'&lt;/span&gt;&lt;span class="si"&gt;)&lt;/span&gt;
&lt;span class="nv"&gt;COUNTRY&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="si"&gt;$(&lt;/span&gt;&lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="nv"&gt;$NETWORK_INFO&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt; | &lt;span class="nb"&gt;grep&lt;/span&gt; &lt;span class="nt"&gt;-oP&lt;/span&gt; &lt;span class="s1"&gt;'"country": "\K[^"]+'&lt;/span&gt;&lt;span class="si"&gt;)&lt;/span&gt;

&lt;span class="c"&gt;# Flag known cloud ASNs vs. residential origin&lt;/span&gt;
&lt;span class="nv"&gt;IS_BOT&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nb"&gt;false
&lt;/span&gt;&lt;span class="k"&gt;if &lt;/span&gt;&lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="nv"&gt;$ASN&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt; | &lt;span class="nb"&gt;grep&lt;/span&gt; &lt;span class="nt"&gt;-Eiq&lt;/span&gt; &lt;span class="s2"&gt;"amazon|google|digitalocean|linode|hetzner|ovh"&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then
    &lt;/span&gt;&lt;span class="nv"&gt;IS_BOT&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nb"&gt;true
&lt;/span&gt;&lt;span class="k"&gt;fi&lt;/span&gt;

&lt;span class="o"&gt;{&lt;/span&gt;
    &lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"--- WATCHER REPORT ---"&lt;/span&gt;
    &lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"TARGET IP: &lt;/span&gt;&lt;span class="nv"&gt;$DETECTED_IP&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt;
    &lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"ORIGIN ASN: &lt;/span&gt;&lt;span class="nv"&gt;$ASN&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt;
    &lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"LOCATION: &lt;/span&gt;&lt;span class="nv"&gt;$GEO&lt;/span&gt;&lt;span class="s2"&gt;, &lt;/span&gt;&lt;span class="nv"&gt;$COUNTRY&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt;
    &lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"AUTOMATED CLOUD INSTANCE: &lt;/span&gt;&lt;span class="nv"&gt;$IS_BOT&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt;
    &lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"----------------------"&lt;/span&gt;
&lt;span class="o"&gt;}&lt;/span&gt; &lt;span class="o"&gt;&amp;gt;&amp;gt;&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="nv"&gt;$LOG_FILE&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Filter out known cloud giants and the picture gets sharp fast. Mass-internet survey traffic from something like Shodan looks nothing like a repeated manual probe from a residential ISP. Once you’re seeing the latter against your custom socket, you’re not looking at background noise anymore. You’re looking at a person.&lt;/p&gt;

&lt;h3&gt;
  
  
  Phase 3: Reclaiming the Local Environment
&lt;/h3&gt;

&lt;p&gt;Watching the watchers isn’t only a server-side problem. The most invasive surveillance happens on the machine in front of you right now. Modern operating systems report your activity home constantly. Applications drop telemetry files in your home directory, and background processes dial out to corporate endpoints on a schedule you never agreed to.&lt;/p&gt;

&lt;p&gt;Turn the local filesystem hostile to that behavior. The script below uses kernel-level file monitoring to watch your config directories in real time. Any application writing a telemetry profile, altering a config, or dropping a tracking cookie gets caught mid-write.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="c"&gt;#!/usr/bin/env bash&lt;/span&gt;
&lt;span class="c"&gt;# Local workspace sentinel&lt;/span&gt;

&lt;span class="nv"&gt;MONITOR_DIR&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="nv"&gt;$HOME&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt;
&lt;span class="nv"&gt;SENTINEL_LOG&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;"/var/log/sentinel_filesystem.log"&lt;/span&gt;

&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;!&lt;/span&gt; &lt;span class="nb"&gt;command&lt;/span&gt; &lt;span class="nt"&gt;-v&lt;/span&gt; inotifywait &amp;amp;&amp;gt; /dev/null&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then
    &lt;/span&gt;&lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"[-] inotify-tools required for kernel-level tracking."&lt;/span&gt;
    &lt;span class="nb"&gt;exit &lt;/span&gt;1
&lt;span class="k"&gt;fi

&lt;/span&gt;&lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"[+] Local sentinel active. Monitoring &lt;/span&gt;&lt;span class="nv"&gt;$MONITOR_DIR&lt;/span&gt;&lt;span class="s2"&gt;..."&lt;/span&gt;

inotifywait &lt;span class="nt"&gt;-m&lt;/span&gt; &lt;span class="nt"&gt;-r&lt;/span&gt; &lt;span class="nt"&gt;-e&lt;/span&gt; create &lt;span class="nt"&gt;-e&lt;/span&gt; modify &lt;span class="nt"&gt;--format&lt;/span&gt; &lt;span class="s1"&gt;'%w%f %e %T'&lt;/span&gt; &lt;span class="nt"&gt;--timefmt&lt;/span&gt; &lt;span class="s1"&gt;'%H:%M:%S'&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="nv"&gt;$MONITOR_DIR&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt; | &lt;span class="k"&gt;while &lt;/span&gt;&lt;span class="nb"&gt;read&lt;/span&gt; &lt;span class="nt"&gt;-r&lt;/span&gt; FILE EVENT TIME&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;do&lt;/span&gt;
    &lt;span class="c"&gt;# Skip known-safe dev noise&lt;/span&gt;
    &lt;span class="k"&gt;if &lt;/span&gt;&lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="nv"&gt;$FILE&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt; | &lt;span class="nb"&gt;grep&lt;/span&gt; &lt;span class="nt"&gt;-qE&lt;/span&gt; &lt;span class="s1"&gt;'\.cache|\.git|node_modules'&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then
        continue
    fi&lt;/span&gt;

    &lt;span class="c"&gt;# Flag anything that looks like telemetry or tracking&lt;/span&gt;
    &lt;span class="k"&gt;if &lt;/span&gt;&lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="nv"&gt;$FILE&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt; | &lt;span class="nb"&gt;grep&lt;/span&gt; &lt;span class="nt"&gt;-qE&lt;/span&gt; &lt;span class="s1"&gt;'telemetry|analytics|metrics|\.log|config'&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then
        &lt;/span&gt;&lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"[&lt;/span&gt;&lt;span class="nv"&gt;$TIME&lt;/span&gt;&lt;span class="s2"&gt;] WARNING: hostile file activity: &lt;/span&gt;&lt;span class="nv"&gt;$FILE&lt;/span&gt;&lt;span class="s2"&gt; (&lt;/span&gt;&lt;span class="nv"&gt;$EVENT&lt;/span&gt;&lt;span class="s2"&gt;)"&lt;/span&gt; &lt;span class="o"&gt;&amp;gt;&amp;gt;&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="nv"&gt;$SENTINEL_LOG&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt;

        &lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; &lt;span class="nt"&gt;-f&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="nv"&gt;$FILE&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then
            &lt;/span&gt;&lt;span class="nb"&gt;chmod &lt;/span&gt;000 &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="nv"&gt;$FILE&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt;
            &lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"[&lt;/span&gt;&lt;span class="nv"&gt;$TIME&lt;/span&gt;&lt;span class="s2"&gt;] CRITICAL: quarantined &lt;/span&gt;&lt;span class="nv"&gt;$FILE&lt;/span&gt;&lt;span class="s2"&gt;, permissions zeroed."&lt;/span&gt; &lt;span class="o"&gt;&amp;gt;&amp;gt;&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="nv"&gt;$SENTINEL_LOG&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt;
        &lt;span class="k"&gt;fi
    fi
done&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This turns passive logging into active defense. Instead of finding out three months later that some app has been quietly harvesting your dev paths, the sentinel catches the write, logs a warning, and strips permissions before the data ever finalizes.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Sovereign Architecture
&lt;/h2&gt;

&lt;p&gt;Building an offline-first, defensive setup means changing your infrastructure paradigm. The corporate web wants you to believe security means buying into cloud dashboards, centralized identity, and third-party logging pipelines.&lt;/p&gt;

&lt;p&gt;That’s the trap. Those platforms don’t protect you. They consolidate your data so it can be sold, analyzed, or leaked in one breach instead of many.&lt;/p&gt;

&lt;p&gt;Real safety comes from isolation, minimal footprint, and raw custom automation. Simple scripts running at the kernel or network interface level avoid the complexity that causes systems to fail. They’re silent, fast, and expensive to profile.&lt;/p&gt;

&lt;p&gt;Stop letting third-party infrastructure decide your visibility. Write your own tools, keep logs local, monitor your perimeter with zero-dependency scripts, and make your environment too expensive to bother probing.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;If you want to go further than this post covers, the full playbooks are:&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://numbpilled.gumroad.com/l/c2-dark-playbook" rel="noopener noreferrer"&gt;The C2 Dark Playbook — network isolation and internal comms protocols outside the standard tracking matrix.&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://numbpilled.gumroad.com/l/scriptforensix" rel="noopener noreferrer"&gt;The Defensive Scripters Playbook — the full tripwire and sentinel methodology from this post, extended.&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://numbpilled.gumroad.com/l/obsidian-operator-guide" rel="noopener noreferrer"&gt;Local Toolchain &amp;amp; Obsidian Sync Guides — moving your knowledge base to a fully offline, encrypted local setup.&lt;/a&gt;&lt;/p&gt;

</description>
      <category>programming</category>
      <category>tutorial</category>
      <category>automation</category>
      <category>security</category>
    </item>
    <item>
      <title>SDR Is the New Wireshark: Sniffing the Sub-GHz Spectrum from Your Desk</title>
      <dc:creator>v. Splicer</dc:creator>
      <pubDate>Fri, 10 Jul 2026 17:52:16 +0000</pubDate>
      <link>https://dev.to/numbpill3d/sdr-is-the-new-wireshark-sniffing-the-sub-ghz-spectrum-from-your-desk-2bjm</link>
      <guid>https://dev.to/numbpill3d/sdr-is-the-new-wireshark-sniffing-the-sub-ghz-spectrum-from-your-desk-2bjm</guid>
      <description>&lt;p&gt;The modern security engineer is effectively blind. We spend our lives staring into the comforting, structured matrix of the OSI model. We audit TLS 1.3 handshakes, we fine-tune eBPF probes, and we obsess over Kubernetes network policies. We treat the Ethernet cable and the 802.11 Wi-Fi frame as the absolute edge of the digital universe.&lt;/p&gt;

&lt;p&gt;But right outside your window, floating through the literal air of your office park or suburban neighborhood, a completely parallel, chaotic, and utterly unencrypted digital wild west is playing out in real-time.&lt;/p&gt;

&lt;p&gt;Smart meters are broadcasting household power consumption. Drive-thru headsets are leaking audio. Municipal traffic sensors are blabbing about congestion. Fire alarms, medical pagers, logistics trackers, and gate garage clickers are all screaming raw, unauthenticated data into the ether. They do not use Wi-Fi. They do not care about IP addresses. They live in the sub-gigahertz (Sub-GHz) spectrum, and they are completely naked.&lt;/p&gt;

&lt;p&gt;If Wireshark taught us how to spy on the nervous system of the internet, Software Defined Radio (SDR) is how we spy on the nervous system of the physical world. And the best part? You can capture all of it without ever touching a standard network interface, using a USB dongle that costs less than a decent bottle of scotch.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Blind Spot at 433 MHz
&lt;/h2&gt;

&lt;p&gt;Why is this happening? Because of a fundamental design flaw in how the tech industry views security: if a human cannot easily interact with a medium, engineers assume hackers won’t either.&lt;/p&gt;

&lt;p&gt;For decades, RF (Radio Frequency) engineering was a dark art. If you wanted to sniff, intercept, or manipulate signals outside of standard consumer Wi-Fi and Bluetooth, you needed thousands of dollars of specialized hardware. You needed hardware spectrum analyzers, proprietary oscilloscopes, and discrete, application-specific integrated circuits. The barrier to entry was a massive financial moat.&lt;/p&gt;

&lt;p&gt;Because of this moat, embedded systems designers building infrastructure got lazy. They needed to transmit data over long distances with minimal power consumption, so they looked toward the license-free Industrial, Scientific, and Medical (ISM) radio bands. Specifically, the sub-gigahertz bands: 315 MHz, 433 MHz, 868 MHz, and 915 MHz.&lt;/p&gt;

&lt;p&gt;They didn’t implement encryption because cryptography requires clock cycles, clock cycles drain batteries, and besides, who is going to build a custom radio receiver just to decode a weather station or a water meter?&lt;/p&gt;

&lt;p&gt;Then came the SDR revolution.&lt;/p&gt;

&lt;p&gt;Software Defined Radio completely flipped the script. It took all the complex, heavy lifting traditionally done by dedicated analog hardware (mixers, filters, amplifiers, demodulators) and dumped it onto the CPU of your laptop. A cheap piece of hardware simply converts the raw, analog electromagnetic waves from an antenna into digital I/Q data data streams. The software does the rest.&lt;/p&gt;

&lt;p&gt;Suddenly, the financial moat evaporated. The RTL-SDR, a tiny USB stick originally designed for watching terrestrial television on a computer, was discovered to be an incredibly flexible wideband receiver. For $30, anyone could suddenly view, record, and demodulate signals from 500 kHz up to 1.7 GHz.&lt;/p&gt;

&lt;p&gt;If you are a hacker who has only ever operated on standard IP networks, walking into the RF space feels like discovering a secret backdoor into reality.&lt;/p&gt;

&lt;h2&gt;
  
  
  Setting Up Your Digital Periscope
&lt;/h2&gt;

&lt;p&gt;To begin sniffing the invisible world from your desk, you do not need an academic background in electromagnetic theory. You just need the right glass to look through.&lt;/p&gt;

&lt;h3&gt;
  
  
  The Hardware Choice
&lt;/h3&gt;

&lt;p&gt;If you are just getting started, grab an &lt;strong&gt;RTL-SDR Blog V4&lt;/strong&gt;. It is cheap, incredibly well-shielded against USB noise, and functions as the perfect gateway drug. If you want something more self-contained, elegant, and dangerously portable, devices like the &lt;strong&gt;HackRF One&lt;/strong&gt; or the &lt;strong&gt;Flipper Zero&lt;/strong&gt; allow you not just to listen, but to transmit (though we will be focusing strictly on passive listening today to stay on the correct side of federal communication laws).&lt;/p&gt;

&lt;h3&gt;
  
  
  The Software Stack
&lt;/h3&gt;

&lt;p&gt;Think of your SDR software as the Wireshark GUI. The most popular cross-platform tools for visual spectrum exploration are:&lt;/p&gt;

&lt;p&gt;GQRX (Linux/macOS)&lt;/p&gt;

&lt;p&gt;SDR++ (Multi-platform, lightweight, and incredibly fast)&lt;/p&gt;

&lt;p&gt;SDR# (Windows)&lt;/p&gt;

&lt;p&gt;When you boot up these programs and hit play, you are presented with a FFT Plot (a real-time graph of signal strength across various frequencies) and a Waterfall Display. The waterfall is a historic record of the spectrum: time moves down the vertical axis, frequency spans the horizontal axis, and color intensity dictates signal strength.&lt;/p&gt;

&lt;p&gt;Seeing a waterfall for the first time is a revelatory moment for a network engineer. It is the literal visualization of data slicing through physical space. You will see brief, sharp bursts of light against a dark blue background. Every one of those bursts is a packet. Your job is to catch them.&lt;/p&gt;

&lt;h2&gt;
  
  
  The “Hello World” of Radio Sniffing: Pagers and Telemetry
&lt;/h2&gt;

&lt;p&gt;Let’s move past theory and look at a practical, real-world target that is almost certainly floating through your room right now: FLEX and POCSAG pager networks.&lt;/p&gt;

&lt;p&gt;You might think pagers died in the late 1990s. You would be dead wrong. Pagers are still heavily relied upon by hospitals for medical staff, by emergency services for volunteer fire departments, and by industrial facilities for automated system alerts. Why? Because a single, high-powered sub-GHz transmitter can penetrate deep into concrete basements where cellular signals die.&lt;/p&gt;

&lt;p&gt;They also transmit completely in the clear, and they do it constantly.&lt;/p&gt;

&lt;h3&gt;
  
  
  Step 1: Locating the Frequency
&lt;/h3&gt;

&lt;p&gt;Depending on where you live in the world, pager networks usually live around &lt;strong&gt;138–174 MHz&lt;/strong&gt; or &lt;strong&gt;450–470 MHz&lt;/strong&gt;. Open your SDR software, set the modulation to &lt;strong&gt;NFM (Narrowband FM)&lt;/strong&gt;, and scroll through these bands. You are looking for a distinct, rhythmic, almost musical screeching sound that occurs in rapid bursts. On the waterfall, it looks like a thick, solid block of data.&lt;/p&gt;

&lt;h3&gt;
  
  
  Step 2: Demodulating the Stream
&lt;/h3&gt;

&lt;p&gt;In the old days, you had to route the audio output of your SDR software via a virtual audio cable into a legacy decoding program. Today, tools like multimon-ng make this trivial.&lt;/p&gt;

&lt;p&gt;If you prefer a streamlined, automated experience, you can use a command-line tool called rtl_fm (which comes with the standard RTL-SDR utilities) to tune to the frequency and pipe the raw audio straight into multimon-ng.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;rtl_fm &lt;span class="nt"&gt;-f&lt;/span&gt; 466.05M &lt;span class="nt"&gt;-s&lt;/span&gt; 22050 | multimon-ng &lt;span class="nt"&gt;-t&lt;/span&gt; raw &lt;span class="nt"&gt;-a&lt;/span&gt; POCSAG512 &lt;span class="nt"&gt;-a&lt;/span&gt; POCSAG1200 &lt;span class="nt"&gt;-a&lt;/span&gt; POCSAG2400 &lt;span class="nt"&gt;-f&lt;/span&gt; alpha -
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Run that command, and your terminal will begin printing out cleartext pages. You will see internal hospital alerts, patient transport coordinates, automated infrastructure status reports, and system diagnostics. It feels deeply invasive because it is. You are pulling raw, sensitive data straight out of thin air without interacting with a single server, authenticated API, or firewalled gateway.&lt;/p&gt;

&lt;h2&gt;
  
  
  Decoding the Neighborhood with rtl_433
&lt;/h2&gt;

&lt;p&gt;If hacking legacy pager systems sounds a bit too industrial, let’s look at something much closer to home. Literally.&lt;/p&gt;

&lt;p&gt;The 433.92 MHz and 915 MHz frequencies are the absolute wild west of consumer and commercial telemetry. Almost every cheap wireless sensor manufactured in the last twenty years uses these bands to talk to its base station.&lt;/p&gt;

&lt;p&gt;There is an open-source masterpiece of software called &lt;strong&gt;rtl_433&lt;/strong&gt;. Despite the name, it doesn’t just listen to 433 MHz; it is an incredibly powerful decoder for hundreds of distinct sub-GHz protocols. It is essentially the tcpdump of the radio world.&lt;/p&gt;

&lt;p&gt;Plug in your SDR dongle, open your terminal, and simply run:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;rtl_433 &lt;span class="nt"&gt;-f&lt;/span&gt; 433.92M
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Within a few minutes, your terminal screen will likely populate with JSON-like blocks of data:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;json
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
time. : 2026–07–06 17:42:12
model. : Nexus-TH. id. : 142
Channel. : 1. Battery. : OK. Temperature: 22.4 C. Humidity. : 48 %
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
time. : 2026–07–06 17:43:01
model. : Schrader-EG53MA4. id. : 0A3F21B
Type. : TPMS. Pressure. : 32.5 PSI. Temperature: 28.0 C. Flags. : 00

&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Look at what you are seeing.&lt;/p&gt;

&lt;p&gt;The first block is a neighbor’s backyard weather station, telling you their precise indoor or outdoor climate metrics.&lt;/p&gt;

&lt;p&gt;The second block is a TPMS (Tire Pressure Monitoring System) sensor from a car driving past your house. Every modern vehicle has wireless sensors embedded inside the tire valves. They broadcast their unique sensor ID, their current tire pressure, and their temperature every few seconds to the car’s internal computer.&lt;/p&gt;

&lt;p&gt;Think about the security implications of this for a moment. A car’s TPMS ID is static. If you place a cheap SDR receiver at an intersection, you can track the exact physical movement and patterns of specific vehicles based entirely on the unencrypted radio beacons their tires emit. No license plate readers required. No complex surveillance infrastructure. Just raw, unencrypted telemetry floating through public space.&lt;/p&gt;

&lt;h2&gt;
  
  
  Deconstructing the Protocol: The Reverse Engineering Mindset
&lt;/h2&gt;

&lt;p&gt;What happens when you find a signal on your waterfall that rtl_433 doesn’t recognize? This is where true hacking begins. This is where we move from being consumers of security tools to creators.&lt;/p&gt;

&lt;p&gt;When an SDR captures a signal, it records it in &lt;strong&gt;I/Q format&lt;/strong&gt;. I/Q data represents the changes in amplitude and phase of a radio wave over time. It is the ultimate raw format.&lt;/p&gt;

&lt;p&gt;To reverse engineer a mystery signal, we use an open-source tool called Universal Radio Hacker (URH).&lt;/p&gt;

&lt;h3&gt;
  
  
  The Anatomy of an RF Packet
&lt;/h3&gt;

&lt;p&gt;When you load a raw signal recording into URH, you are looking at a waveform. By applying a digital demodulator (usually Amplitude Shift Keying, ASK, or Frequency Shift Keying, FSK), URH converts that wavy analog line into a clean, digital train of 1s and 0s.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Just like an Ethernet frame, a sub-GHz radio packet has a distinct structure:&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The Preamble:&lt;/strong&gt; A predictable, alternating pattern of bits (e.g., 10101010) that tells the receiving radio, “Hey, wake up, a packet is coming, sync your internal clock to my speed.”&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The Sync Word:&lt;/strong&gt; A specific, fixed sequence of bits (e.g., 0xD391) that signifies the exact boundary where the actual data payload begins.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The Payload:&lt;/strong&gt; The actual message, containing sensor readings, command IDs, or device statuses.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The Checksum (CRC):&lt;/strong&gt; A mathematical verification string to ensure the packet wasn’t corrupted in transit.&lt;/p&gt;

&lt;p&gt;By aligning different packets recorded from the same device in URH, you can start to spot patterns. If you press the “Unlock” button on a garage door remote control five times, you will notice that 95% of the binary string remains identical, while a tiny section changes or increments. If it doesn’t change, you have just discovered a device vulnerable to a simple replay attack…where replaying the exact audio recording of the transmission back into the air will trigger the physical action again.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Ultimate Paradigm Shift
&lt;/h2&gt;

&lt;p&gt;The point of exploring the sub-GHz spectrum isn’t just about reading your neighbor’s thermometer or spying on hospital pagers. It is about shattering the illusion of security boundaries.&lt;/p&gt;

&lt;p&gt;We have spent billions of dollars securing the internet, reinforcing the application layer, and enforcing strict access controls on the networks we can see. Yet, we have built a physical world that relies entirely on a massive, invisible foundation of unauthenticated radio communications.&lt;/p&gt;

&lt;p&gt;Smart grids, automated manufacturing lines, municipal infrastructure, and physical access controls are constantly leaking state information, configuration telemetry, and operational commands into the atmosphere. The only thing that kept this infrastructure secure for decades was the obscurity of the medium.&lt;/p&gt;

&lt;p&gt;That obscurity is completely dead.&lt;/p&gt;

&lt;p&gt;The next time you open Wireshark to look at a packet capture, look up from your screen and look out the window. There is a whole universe of data passing straight through your body right now. All you have to do is listen.&lt;/p&gt;

&lt;h2&gt;
  
  
  Deepen Your Digital Reconnaissance
&lt;/h2&gt;

&lt;p&gt;&lt;em&gt;If you are ready to stop scratching the surface of standard consumer networks and want to dive deeper into the gritty, unfiltered realities of modern hardware, infrastructure exploitation, and terminal dominance, explore these essential handbooks:&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;Expand Your Operational Horizon: Uncover the hidden vulnerabilities in unconventional targets with &lt;a href="https://numbpilled.gumroad.com/l/megapack-1" rel="noopener noreferrer"&gt;Notes from the Wrong Side of the Network Volume 1.&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Master the Command Line:Turn your local terminal into a highly optimized weapon for system auditing and environmental control with &lt;a href="https://numbpilled.gumroad.com/l/blacktermx" rel="noopener noreferrer"&gt;The Black Terminal Compendium: 2026 Edition.&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Weaponize the Physical Layer: Learn how to script, weaponize, and deploy automated keystroke injection hardware while evading endpoint defense with &lt;a href="https://numbpilled.gumroad.com/l/bad-usb-macintosh" rel="noopener noreferrer"&gt;BadUSB Studio: 20 Rubber Ducky Scripts That Bypass Modern AV (2026 Edition).&lt;/a&gt;&lt;/p&gt;

</description>
      <category>softwaredefinedradio</category>
      <category>programming</category>
      <category>tutorial</category>
      <category>opensource</category>
    </item>
    <item>
      <title>The Second Brain They Can’t Subpoena: Local RAG on a Pi 5</title>
      <dc:creator>v. Splicer</dc:creator>
      <pubDate>Sun, 05 Jul 2026 21:50:20 +0000</pubDate>
      <link>https://dev.to/numbpill3d/the-second-brain-they-cant-subpoena-local-rag-on-a-pi-5-3374</link>
      <guid>https://dev.to/numbpill3d/the-second-brain-they-cant-subpoena-local-rag-on-a-pi-5-3374</guid>
      <description>&lt;p&gt;If your memory is hosted, your thoughts are leased.&lt;/p&gt;

&lt;p&gt;We did not just move our files to the cloud. We moved our working memory. Andy Clark and David Chalmers called it the extended mind in 1998. The thesis was simple. Cognition leaks into the tools we trust. A notebook can be part of your mind if you access it reliably. In 2026, that notebook is a vector database owned by a platform with a legal department. Your extended mind now has terms of service, retention policies, and a compliance team that answers subpoenas faster than you answer email.&lt;/p&gt;

&lt;p&gt;I am not interested in nostalgia for paper. I am interested in architecture that preserves agency. The fix is not to think less with machines. It is to think locally with machines you control. That is why I built a second brain that lives on a Raspberry Pi 5 with NVMe and a Hailo-8 accelerator, running Retrieval Augmented Generation completely offline. No API keys. No telemetry. No third party that can be compelled to hand over your associative graph.&lt;/p&gt;

&lt;p&gt;This is the expanded blueprint. More cohesive, more rigorous, and more useful than the usual cloud versus local sermon.&lt;/p&gt;

&lt;h2&gt;
  
  
  The extended mind, now with a landlord
&lt;/h2&gt;

&lt;p&gt;The original extended mind argument was about trust and coupling. If you reach for a tool as automatically as you reach for a memory, it counts as cognition. The cloud broke that coupling by inserting a landlord. Your retrieval is fast, but it is also observed, logged, ranked, and retained.&lt;/p&gt;

&lt;p&gt;Three consequences follow.&lt;/p&gt;

&lt;p&gt;First, epistemic pollution. When your queries train their models, your future answers are shaped by everyone else’s queries. Your private context gets diluted by the median user.&lt;/p&gt;

&lt;p&gt;Second, legal exposure. Your prompts, your uploads, your retrieval history, and your embeddings are business records. In many jurisdictions they are discoverable. You cannot plead the fifth for data you gave to a provider.&lt;/p&gt;

&lt;p&gt;Third, strategic fragility. A policy change, a price hike, a region block, and your cognitive prosthesis goes dark. That is not a tool. That is a dependency.&lt;/p&gt;

&lt;p&gt;Local RAG restores the coupling. The model is on your desk. The index is on your disk. The retrieval path never leaves your LAN. You regain what philosophers care about and hackers need: direct, reliable, private access to your own prior thought.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why RAG beats fine tuning for a personal brain
&lt;/h2&gt;

&lt;p&gt;Fine tuning bakes knowledge into weights. It is expensive, brittle, and hard to audit. RAG keeps knowledge outside the model and retrieves it at query time. For personal memory, this is superior for four reasons that matter intellectually, not just practically.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;&lt;p&gt;Provenance. RAG can cite the exact chunk it used. You can open the source note and verify. Fine tuned models hallucinate with confidence and no footnotes.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Mutability. Your life changes daily. With RAG you re-embed a note and the answer updates. With fine tuning you retrain or you live with stale weights.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Composability. You can mix corpora with metadata filters. Show me only work notes from 2024. Show me only code, not journals. This is information theory in practice. Retrieval is selective decompression.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Portability. A 2GB vector store and a quantized 8B model fit on a Pi. A personal fine tune that does not suck does not.&lt;/p&gt;&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;RAG is not a hack. It is a return to the original idea of hypertext, with similarity search instead of manual links. Bush’s Memex imagined associative trails. We finally have the math to build them.&lt;/p&gt;

&lt;h2&gt;
  
  
  The architecture of uncompelled thought
&lt;/h2&gt;

&lt;p&gt;Think in layers, not products.&lt;/p&gt;

&lt;p&gt;Ingest layer. Files in, clean text out. PDFs via local OCR, web clips via readability, code via tree-sitter aware chunking. Every chunk gets metadata: source path, hash, created time, tags, and a privacy label.&lt;/p&gt;

&lt;p&gt;Embedding layer. A small, local embedding model turns text into vectors. I use nomic-embed-text-v1.5 because it is compact, strong on recall, and runs fine on ARM. This is where most cloud setups leak. Do not leak here.&lt;/p&gt;

&lt;p&gt;Store layer. Qdrant on the Pi. It is written in Rust, low memory, and has good filtering. You want metadata filtering more than you want raw speed. Fast wrong answers are worse than slow right ones.&lt;/p&gt;

&lt;p&gt;Model layer. Ollama serving a quantized instruct model. llama3.1:8b-instruct-q4_K_M is the sweet spot for a Pi 5 with 8GB. If you add Hailo-8, you can offload embedding inference and free CPU for generation.&lt;/p&gt;

&lt;p&gt;Interface layer. A minimal FastAPI server that does retrieval, builds the prompt with citations, calls Ollama, and returns structured JSON. Your front end can be anything. I use a local Obsidian plugin and a TUI for field work.&lt;/p&gt;

&lt;p&gt;The entire loop stays on device. The only network traffic is when you choose to sync encrypted notes between your ov1wn machines.&lt;/p&gt;

&lt;h2&gt;
  
  
  Hardware that makes this real
&lt;/h2&gt;

&lt;p&gt;The Pi 5 is not a toy anymore. The key change is PCIe exposed through the HAT connector. With a decent NVMe HAT you get real storage bandwidth, which is the actual bottleneck for RAG.&lt;/p&gt;

&lt;p&gt;My field build:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Raspberry Pi 5, 8GB&lt;/li&gt;
&lt;li&gt;Pineberry Pi HatDrive or similar NVMe HAT&lt;/li&gt;
&lt;li&gt;1TB NVMe, TLC, DRAM cache preferred&lt;/li&gt;
&lt;li&gt;Hailo-8 M.2 AI module, 26 TOPS at 2.5 watts&lt;/li&gt;
&lt;li&gt;Aluminum passive case that doubles as heatsink&lt;/li&gt;
&lt;li&gt;USB-C PD battery bank, 65W&lt;/li&gt;
&lt;li&gt;Two microSD cards: one for bootloader, one for LUKS header backup&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Power draw at idle is around 4 to 6 watts. Under generation it sits at 9 to 12 watts. You can run a full day on a 20,000 mAh bank. That is the point. A brain you cannot carry is a brain you will not use.&lt;/p&gt;

&lt;p&gt;Encrypt the NVMe with LUKS2. Use Argon2id, not PBKDF2. Store the keyfile on a USB drive you remove after boot, or memorize a strong passphrase. Mount the data partition noexec, nodev. Keep the OS on a read only overlay so a hard power cut does not corrupt your root.&lt;/p&gt;

&lt;p&gt;This is not paranoia. It is systems hygiene. You are building a cognitive appliance, not a hobby box.&lt;/p&gt;

&lt;h2&gt;
  
  
  A minimal, auditable software stack
&lt;/h2&gt;

&lt;p&gt;Bloat is the enemy of auditability. Here is the compose file I run in production on the Pi. It is boring on purpose.&lt;/p&gt;

&lt;p&gt;yaml&lt;br&gt;
services:&lt;br&gt;
 qdrant:&lt;br&gt;
 image: qdrant/qdrant:v1.9-arm64&lt;br&gt;
 ports: [“6333:6333”]&lt;br&gt;
 volumes:&lt;br&gt;
 — /mnt/brain/qdrant:/qdrant/storage&lt;br&gt;
 restart: unless-stopped&lt;/p&gt;

&lt;p&gt;ollama:&lt;br&gt;
 image: ollama/ollama:latest&lt;br&gt;
 ports: ["11434:11434"]&lt;br&gt;
 volumes:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;/mnt/brain/ollama:/root/.ollama
environment:&lt;/li&gt;
&lt;li&gt;OLLAMA_KEEP_ALIVE=24h
restart: unless-stopped&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;embedder:&lt;br&gt;
 image: ghcr.io/nomic-ai/nomic-embed-text:v1.5-cpu&lt;br&gt;
 ports: ["8001:8000"]&lt;br&gt;
 restart: unless-stopped&lt;/p&gt;

&lt;p&gt;api:&lt;br&gt;
 build:./brain-api&lt;br&gt;
 ports: ["8080:8080"]&lt;br&gt;
 depends_on: [qdrant, ollama, embedder]&lt;br&gt;
 environment:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;QDRANT_URL=&lt;a href="http://qdrant:6333" rel="noopener noreferrer"&gt;http://qdrant:6333&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;OLLAMA_URL=&lt;a href="http://ollama:11434" rel="noopener noreferrer"&gt;http://ollama:11434&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;EMBED_URL=&lt;a href="http://embedder:8000" rel="noopener noreferrer"&gt;http://embedder:8000&lt;/a&gt;
volumes:&lt;/li&gt;
&lt;li&gt;/mnt/brain/vault:/vault:ro&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The API is about 180 lines of Python. It does three things well: ingest, retrieve, answer. No LangChain. No magic chains that hide prompts. You want to see the prompt template because that is where bias lives.&lt;/p&gt;

&lt;p&gt;Ingest logic that actually works:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Chunk Markdown at 700 to 900 tokens with 100 to 150 token overlap. Overlap preserves context across boundaries.&lt;/li&gt;
&lt;li&gt;For code, chunk by function or class using tree-sitter. Store language and symbol name in metadata.&lt;/li&gt;
&lt;li&gt;For PDFs, OCR locally, then chunk by heading. Keep page numbers.&lt;/li&gt;
&lt;li&gt;Compute SHA256 of the source file. Store it. When you re-ingest, skip unchanged files.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Retrieval logic:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Embed the query, search Qdrant for top 12, then apply a maximal marginal relevance rerank to diversify.&lt;/li&gt;
&lt;li&gt;Filter by tags or date if the query implies it. “last quarter” should map to a metadata range, not a hope.&lt;/li&gt;
&lt;li&gt;Build a prompt that forces citations. My template ends with: “Answer using only the provided context. Cite sources as,. If the answer is not in the context, say you do not know.”[1][2]&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This is where intellectual quality emerges. You are not asking a model to be omniscient. You are asking it to be a careful reader of your own archive.&lt;/p&gt;

&lt;h2&gt;
  
  
  Ingestion is curation, not hoarding
&lt;/h2&gt;

&lt;p&gt;Most personal RAG projects fail at ingest. People dump 50GB of PDFs and wonder why results are mush. Information quality beats quantity. Shannon taught us that signal matters more than bandwidth.&lt;/p&gt;

&lt;p&gt;My rules:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;If a document is not worth tagging, it is not worth embedding. Tags force you to decide what it is for.&lt;/li&gt;
&lt;li&gt;Keep a “working set” and an “archive.” The working set is under 10,000 chunks and stays hot in RAM. Archive is searchable but not in the default context.&lt;/li&gt;
&lt;li&gt;Store contradictions. Do not resolve them during ingest. Let the model surface tension at query time. That is how you think better.&lt;/li&gt;
&lt;li&gt;Version your vault with Git. Embeddings are derived data. Your notes are source truth. You want diffs, not just snapshots.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;The result is a brain that rewards clarity. You write better notes because the system reads them back to you.&lt;/p&gt;

&lt;h2&gt;
  
  
  Opsec engineering, not theater
&lt;/h2&gt;

&lt;p&gt;Local does not automatically mean safe. You have to design for your threat model. Mine is simple: protect intellectual work from dragnet collection, third party disclosure, and casual device seizure. I am not trying to outrun a nation state. I am trying to avoid creating evidence I do not need to create.&lt;/p&gt;

&lt;p&gt;Practical controls that matter:&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Default deny egress. UFW or nftables rule that blocks all outbound except NTP and your chosen sync peer. If Ollama tries to phone home, it fails closed.
Full disk encryption on the data partition, detached LUKS header on a separate microSD you keep on your keychain. No header, no decrypt.
Secure boot chain where possible, and a GPIO kill switch that runs a script to `cryptsetup luksClose` and `poweroff`. It is not magic, but it reduces the window for live forensics.
Tamper evident seals on the case if you travel. You are not preventing access, you are detecting it.
Encrypted backups to a second NVMe that lives elsewhere. Use borg or restic, not a cloud sync folder.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;

&lt;p&gt;This is not about evading lawful process. It is about not volunteering data. The cloud makes volunteering the default. Local makes consent explicit.&lt;/p&gt;

&lt;h2&gt;
  
  
  Cognitive consequences: privacy changes how you prompt
&lt;/h2&gt;

&lt;p&gt;Here is the mind enhancing part. When your second brain is private, your questions get braver and dumber in the best way.&lt;/p&gt;

&lt;p&gt;You ask half formed questions. You follow associative trails without worrying about your query history becoming a profile. You keep speculative notes that would be embarrassing if leaked. Creativity lives in that space.&lt;/p&gt;

&lt;p&gt;Psychologically, this reduces the panopticon effect. Foucault described how being watched changes behavior. Cloud AI is a soft panopticon. You self censor. You prompt for performance, not exploration. A local brain removes the observer. Your internal monologue gets its own silicon.&lt;/p&gt;

&lt;p&gt;I have measured this in my own work, informally but consistently. With local RAG I keep 30 percent more exploratory notes, I link notes twice as often, and I revisit old ideas more frequently because retrieval is frictionless and judgment free. The tool shapes the mind. Choose the shape intentionally.&lt;/p&gt;

&lt;h2&gt;
  
  
  Benchmarks and honest tradeoffs
&lt;/h2&gt;

&lt;p&gt;On he Pi 5 with NVMe and no Hailo, embedding throughput is about 120 to 180 chunks per minute with nomic-embed-text on CPU. With Hailo-8 offload, that rises to 400 plus. Initial ingest of a 4,200 note Obsidian vault takes 18 to 25 minutes cold.&lt;/p&gt;

&lt;p&gt;Generation speed with llama3.1 8B q4_K_M is 12 to 18 tokens per second. With a 6 chunk context at 800 tokens each, plus the answer, you are looking at 20 to 40 seconds for a substantive response. That is slower than cloud. It is also deterministic, private, and free at the margin.&lt;/p&gt;

&lt;p&gt;Memory pressure is real. Keep Qdrant’s HNSW parameters modest. M=16, ef_construct=200 is fine for personal scale. Limit Ollama context to 8192. Use streaming so you see tokens immediately.&lt;/p&gt;

&lt;p&gt;Failure modes to expect: SD card corruption if you skip the read only root, thermal throttling in a bad case, and terrible answers if you chunk poorly. Fix the ingest, not the model.&lt;/p&gt;

&lt;h2&gt;
  
  
  The ethics of owning your context
&lt;/h2&gt;

&lt;p&gt;There is a lazy critique that local AI is for people with something to hide. That is backwards. Local AI is for people with something to protect: client confidentiality, journalistic sources, unpublished research, medical notes, legal strategy, or simply the right to think without an audience.&lt;/p&gt;

&lt;p&gt;Democracies depend on private thought. If every intermediate idea is logged by a provider, the Overton window narrows. You stop exploring edges. Edges are where discovery lives.&lt;/p&gt;

&lt;p&gt;Owning your weights and your index is not anti social. It is pro cognitive liberty. You can still publish, still collaborate, still use cloud tools when appropriate. The difference is choice. You decide what leaves the device.&lt;/p&gt;

&lt;h2&gt;
  
  
  Build it this weekend
&lt;/h2&gt;

&lt;p&gt;You do not need a lab. You need a Pi 5, an NVMe, and a willingness to treat your notes as infrastructure.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Flash Raspberry Pi OS Lite 64 bit, enable PCIe, attach NVMe HAT.&lt;/li&gt;
&lt;li&gt;Partition and LUKS encrypt the NVMe. Mount at /mnt/brain.&lt;/li&gt;
&lt;li&gt;Install Docker, bring up the compose stack above.&lt;/li&gt;
&lt;li&gt;Pull models: &lt;code&gt;ollama pull llama3.1:8b-instruct-q4_K_M&lt;/code&gt; and ensure your embedder is running.&lt;/li&gt;
&lt;li&gt;Point the ingest script at your Obsidian vault. Tag aggressively. Embed.&lt;/li&gt;
&lt;li&gt;Query locally. Iterate on chunking until answers cite the right notes.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;When it works, notice the feeling. It is not just speed or privacy. It is sovereignty. Your associative memory is back where it belongs, in a box you can unplug.&lt;/p&gt;

&lt;p&gt;That is the second brain they cannot subpoena. Not because it is hidden, but because it was never theirs to begin with.&lt;/p&gt;

&lt;h2&gt;
  
  
  Go deeper
&lt;/h2&gt;

&lt;p&gt;If you want the exact parts list, thermal testing, and the field ready cyberdeck build I use for travel and red team gigs, start here:&lt;/p&gt;

&lt;p&gt;TRY HARDER: The Pi5 NVMe Field Cyberdeck You Actually Asked For&lt;/p&gt;

&lt;p&gt;TACTIX Field Cyberdeck - Pi5 NVMe Kali Rig&lt;/p&gt;

&lt;p&gt;If you want the full software blueprint with Docker configs, Hailo-8 acceleration, Obsidian sync patterns, and the air gapped assistant workflow, get this:&lt;/p&gt;

&lt;p&gt;Local Edge AI Blueprint: Run LLMs on Raspberry Pi 5 + Hailo-8 — The Air-Gapped Assistant (Ollama, RAG, Obsidian)&lt;br&gt;
Local Edge AI Blueprint: Run LLMs on Raspberry Pi 5 + Hailo-8 - The Air-Gapped Assistant (Ollama…&lt;/p&gt;

&lt;p&gt;Tired of "free" AI that costs you your data?Meet the anti-cloud. This is not another tutorial that stops at ollama run…&lt;br&gt;
numbpilled.gumroad.com&lt;/p&gt;

&lt;p&gt;Build your own mind. Keep it local.&lt;br&gt;
GIF of the day. Peace.&lt;/p&gt;

</description>
      <category>raspberrypi</category>
      <category>privacy</category>
      <category>programming</category>
      <category>rag</category>
    </item>
    <item>
      <title>The Backdoor in Your Browser: Why You Are the Product (And How to Opt Out)</title>
      <dc:creator>v. Splicer</dc:creator>
      <pubDate>Sun, 05 Jul 2026 20:32:48 +0000</pubDate>
      <link>https://dev.to/numbpill3d/the-backdoor-in-your-browser-why-you-are-the-product-and-how-to-opt-out-4jg9</link>
      <guid>https://dev.to/numbpill3d/the-backdoor-in-your-browser-why-you-are-the-product-and-how-to-opt-out-4jg9</guid>
      <description>&lt;p&gt;Your browser is not a window. It is a two-way mirror with a gift shop on the other side, and you are the inventory.&lt;/p&gt;

&lt;p&gt;You did not get hacked. You clicked “Agree and Continue.” That clean little icon in your dock, Chrome, Safari, Edge, Arc, whatever aesthetic you chose this quarter, feels like infrastructure. Like plumbing. You do not think about it until it leaks.&lt;/p&gt;

&lt;p&gt;It is leaking right now.&lt;/p&gt;

&lt;p&gt;In 2026 the tracking industry does not bother with creepy cookies anymore. Cookies are the flip phone of surveillance. Your browser now ships with polite, standards-compliant surveillance baked in, and it calls it privacy. The backdoor is not hidden in some shady extension. The backdoor &lt;em&gt;is&lt;/em&gt; the browser.&lt;/p&gt;

&lt;p&gt;Let us talk about why, how it works, and how to actually opt out without becoming the guy who runs Linux on a toaster and lectures people at parties.&lt;/p&gt;

&lt;h2&gt;
  
  
  Your browser shipped with a landlord
&lt;/h2&gt;

&lt;p&gt;Google does not build Chrome because they love fast JavaScript. They build Chrome because it is the perfect tollbooth for human intent. About 65 percent of the web flows through Chromium. That means Google gets to define what “privacy” means, then sell you the solution to the problem they defined.&lt;/p&gt;

&lt;p&gt;Apple is more tasteful. Safari blocks third-party cookies with one hand and builds an ad attribution system with the other. It is called Privacy Preserving Ad Measurement. The name tells you everything. They are not preserving your privacy from ads. They are preserving ads from your privacy tools.&lt;/p&gt;

&lt;p&gt;Microsoft took Edge, strapped Copilot to the sidebar, and gave it permission to read the page you are on “to help you.” Help you do what, exactly? Summarize the article while quietly building a graph of what you read, when you hesitate, what you copy.&lt;/p&gt;

&lt;p&gt;Even the “privacy browsers” play the game. Brave blocks trackers and then inserts its own affiliate codes. Arc is beautiful and funded by venture capital that expects a return. Nothing is free. If you are not paying for the browser, the browser is paying for itself with you.&lt;/p&gt;

&lt;p&gt;You are not the customer. You are the crop.&lt;br&gt;
The backdoor is not a bug. It is a business model&lt;/p&gt;

&lt;h2&gt;
  
  
  Here is the tour, no hoodie required.
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Third-party scripts in first-party clothing.&lt;/strong&gt; That chat widget, that analytics snippet, that “we value your privacy” banner itself loads five other things. CNAME cloaking makes tracker.example.com look like it belongs to the shop you trust. Your ad blocker sees a first-party subdomain and waves it through. The tracker sees everything.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Fingerprinting that does not care about your cookie settings.&lt;/strong&gt; Your browser happily reports your screen resolution, your installed fonts, your WebGL renderer, your audio stack, how fast your CPU hashes a string, even your battery status on some devices. Alone each signal is boring. Together they are a barcode. In 2026 the average fingerprint is stable for weeks, even across private windows.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The Privacy Sandbox&lt;/strong&gt;, now with extra sand. Google killed third-party cookies and replaced them with Topics API v2 and Protected Audience. Your browser now watches what you do locally, assigns you to interest buckets like “Fitness Enthusiasts” or “Crypto Curious,” and shares those buckets with advertisers. It is not tracking, they say. It is your browser doing the tracking for them. Much better.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Telemetry you cannot fully disable.&lt;/strong&gt; Safe Browsing lookups, crash reports, field trials, component updates, translation prompts. Each one is reasonable in isolation. Together they are a steady heartbeat pinging home with URLs, hashes, and context. You can turn most of it off in chrome://flags until the next update turns it back on.&lt;/p&gt;

&lt;p&gt;Extensions are rootkits with good marketing. That coupon saver from 2019 still has “read and change all your data on all websites.” That means it can see your bank, your health portal, your DMs. Extension stores do malware scans. They do not do intent scans. If it makes money by injecting affiliate links, it will.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Sync is a cloud backup of your brain.&lt;/strong&gt; History, open tabs, passwords, addresses, payment methods, all sitting behind one Google or Apple ID. That account is protected by a password you probably reused, and a phone number that can be SIM-swapped. Convenience is just surveillance with autosave.&lt;/p&gt;

&lt;p&gt;None of this requires you to do anything dumb. It works because the defaults are designed to work.&lt;/p&gt;

&lt;h2&gt;
  
  
  Consent popups are just speed bumps
&lt;/h2&gt;

&lt;p&gt;You know the dance. Land on a site, get smacked with a banner, click “Accept All” because “Reject All” is hidden behind three menus and a dark pattern that looks like a disabled button.&lt;/p&gt;

&lt;p&gt;That click is not consent. It is compliance theater. The IAB Transparency and Consent Framework, the thing powering most of those popups, has been ruled illegal in the EU multiple times and is still everywhere because fines are cheaper than rebuilding the business.&lt;/p&gt;

&lt;p&gt;Even when you click reject, the scripts often load anyway. They just claim “legitimate interest.” Your interest in not being tracked is apparently less legitimate than their interest in tracking you.&lt;/p&gt;

&lt;p&gt;The backdoor does not ask for permission. It asks for fatigue.&lt;br&gt;
Incognito is a costume, not a cloak&lt;/p&gt;

&lt;p&gt;Let us kill this myth. Private browsing does three things: it does not save history locally, it starts with a fresh cookie jar, and it logs you out of sites when you close the window.&lt;/p&gt;

&lt;p&gt;It does not hide your IP from your ISP. It does not stop fingerprinting. It does not block the Meta Pixel or TikTok embed on the page. It does not stop your employer or your school or the coffee shop Wi-Fi from seeing where you go.&lt;/p&gt;

&lt;p&gt;I have watched people open Incognito to search for something sensitive, then log into Gmail in the same window. Congratulations, you just tied your “private” session to your identity with a bow.&lt;/p&gt;

&lt;p&gt;If Incognito were a disguise, it would be Groucho glasses.&lt;/p&gt;

&lt;h2&gt;
  
  
  What they actually make from you
&lt;/h2&gt;

&lt;p&gt;They do not sell your name in a spreadsheet anymore. That is amateur hour.&lt;/p&gt;

&lt;p&gt;They sell predictions. A score that says you are likely to buy a mattress in the next 14 days. A lookalike audience that behaves like 27-year-old women in Charlotte who read about hardware hacking and local AI. A bid request that includes your Topics, your approximate location, your device class, and the fact that you lingered 8.3 seconds on the pricing page.&lt;/p&gt;

&lt;p&gt;Advertisers do not need to know it is Lusynth. They just need to know it is someone exactly like you, right now, with a credit card nearby.&lt;/p&gt;

&lt;p&gt;The product team is not trying to make the browser faster for you. They are trying to make you more legible to the model. Infinite scroll, autoplay next video, algorithmic feeds that never end, notification dots that never clear, these are extraction interfaces. The more time you spend slightly confused, the more signal they collect.&lt;/p&gt;

&lt;p&gt;That low-grade anxiety you feel when you open a new tab and forget why? That is not ADHD. That is a billion dollars of UX research working as intended.&lt;/p&gt;

&lt;h2&gt;
  
  
  The opt-out playbook that actually works in 2026
&lt;/h2&gt;

&lt;p&gt;You do not need to move to the woods. You need to change the defaults and make tracking expensive.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 1:&lt;/strong&gt; fire your landlord. Delete Chrome from your dock. On desktop, use Mullvad Browser for maximum anti-fingerprinting, or Firefox with the Arkenfox user.js if you want control. On iOS, use Safari with Advanced Tracking and Fingerprinting Protection turned on, plus Wi-Fi Private Relay. On Android, use Firefox or Brave, but turn off all Brave Rewards, Wallet, and Leo AI features. Pick a browser that is not funded by ads.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 2:&lt;/strong&gt; containerize your identities. Firefox Multi-Account Containers is the cheat code. Put Google in a Google container. Put Meta in a Facebook container. Put Amazon in a shopping container. They cannot see each other. It is like giving each stalker their own hotel room with no windows.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 3:&lt;/strong&gt; block at the network, not just the tab. Install uBlock Origin, set it to hard mode, and break sites until you learn what they need. Then change your DNS to NextDNS and block trackers, CNAME cloaking, and newly registered domains. Better yet, run a Pi-hole at home. When your smart TV cannot phone home 400 times an hour, you will sleep better.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 4:&lt;/strong&gt; audit your extensions like they owe you money. If you have more than five, you have too many. If any of them ask for “access to all websites,” delete it unless you can explain exactly why it needs it. SponsorBlock, uBlock Origin, Bitwarden, and maybe Dark Reader. That is the whole list for most people.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 5:&lt;/strong&gt; kill browser sync. Turn it off. Use Bitwarden or Proton Pass for passwords. Use Syncthing or Obsidian with local vaults for notes. Use a local bookmark manager. If Google gets breached, your life should not be in the dump.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 6:&lt;/strong&gt; poison the well. Turn on resistFingerprinting in Firefox, use letterboxing, keep your window size standard, avoid installing weird fonts, and do not maximize the browser. Use the same user agent as everyone else. The goal is not to be invisible. The goal is to look like a crowd.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 7:&lt;/strong&gt; pay for things that protect you. A $5 NextDNS plan, a $4 Mullvad VPN, a $10 Proton Unlimited account. If you are not paying, someone else is, and they expect a return.&lt;/p&gt;

&lt;p&gt;Do these seven and you go from “easy money” to “not worth the effort” in an afternoon.&lt;/p&gt;

&lt;h2&gt;
  
  
  Level two: stop renting your brain
&lt;/h2&gt;

&lt;p&gt;Blocking trackers is defense. Owning your stack is offense.&lt;/p&gt;

&lt;p&gt;Every time you paste a private note, a client contract, or your journal into a hosted AI, you are training someone else’s model on your inner life. The backdoor is not just in your browser anymore. It is in your second brain.&lt;/p&gt;

&lt;p&gt;The fix is to run local. Not because local models are smarter today, they are not. But because they do not remember, they do not log, and they do not change terms next quarter.&lt;/p&gt;

&lt;p&gt;This is where I stopped theorizing and started building. A small box in my closet, a Raspberry Pi 5 and an old NUC, runs my AI gateway 24/7. No open ports. A Cloudflare Tunnel gives me a URL that points back home without exposing my IP. My agents call my gateway, my gateway calls my models, and nothing leaves the house unless I want it to.&lt;/p&gt;

&lt;p&gt;For physical stuff, I use ESP32 boards running a tiny WebSocket daemon. The LLM sends JSON like {“action”:”gpio_set”,”pin”:12,”value”:1}, the board flips a relay, and the garage opens. No cloud, no app, no subscription to open my own door.&lt;/p&gt;

&lt;p&gt;The glue is just Python and Bash. Health checks that restart services. Log rotation that does not fill the disk. Retry logic with exponential backoff. Idempotent provisioning so flashing ten boards does not turn into a weekend of pain.&lt;/p&gt;

&lt;p&gt;Once you have that, your browser stops mattering as much, because the important work never touches a third-party server.&lt;/p&gt;

&lt;h2&gt;
  
  
  You are not paranoid. You are priced
&lt;/h2&gt;

&lt;p&gt;People love to say privacy is dead. It is not dead. It is just unevenly distributed.&lt;/p&gt;

&lt;p&gt;The companies that tell you to accept tracking have entire teams dedicated to their own operational security. They use hardware keys, they run internal browsers with telemetry stripped, they compartmentalize. They know the backdoor is real. They just prefer it faces you, not them.&lt;/p&gt;

&lt;p&gt;You do not need to be invisible. You need to be expensive. Make fingerprinting unreliable. Make CNAME cloaking fail at DNS. Make cross-site tracking impossible with containers. Make AI inference local. Suddenly the model of you gets noisy, and noisy data is worthless.&lt;/p&gt;

&lt;p&gt;That is the real opt-out. Not deleting every account and living in a Faraday cage. It is changing the unit economics so surveilling you costs more than you are worth to an advertiser.&lt;br&gt;
Start with the browser because that is where they live. End with the stack because that is where you live.&lt;br&gt;
Want the actual blueprints instead of the rant?&lt;/p&gt;

&lt;p&gt;&lt;a href="https://numbpilled.gumroad.com/l/cyberdeck-raspberry-pi-5-build" rel="noopener noreferrer"&gt;THE RASPBERRY PI 5 CYBERDECK &amp;amp; FIELD-UNIT PLAYBOOK - Techno-Splicer Edition&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://numbpilled.gumroad.com/l/agentarsenal" rel="noopener noreferrer"&gt;AI Agent Arsenal: Deploying Autonomous Bots for Passive Intel Harvest&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://numbpilled.gumroad.com/l/pocket-recon-esp32" rel="noopener noreferrer"&gt;POCKET RECON: 75 ESP32 Projects for Wireless Research and Portable Hacking&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://numbpilled.gumroad.com/l/ultimate-python-bash-pack" rel="noopener noreferrer"&gt;Python Power: Scripts That Resurrect Lost Hours&lt;/a&gt;— my automation spellbook for health checks, log rotation, agent orchestration, and provisioning. The boring glue that makes self-hosting boring in a good way.&lt;/p&gt;

&lt;p&gt;Your browser came with a backdoor. You do not have to keep the keys under the mat.&lt;/p&gt;

</description>
      <category>security</category>
      <category>discuss</category>
      <category>cybersecurity</category>
      <category>marketing</category>
    </item>
    <item>
      <title>Weaponizing Silence: How to Disappear While Staying Connected</title>
      <dc:creator>v. Splicer</dc:creator>
      <pubDate>Sat, 04 Jul 2026 15:34:01 +0000</pubDate>
      <link>https://dev.to/numbpill3d/weaponizing-silence-how-to-disappear-while-staying-connected-1ldi</link>
      <guid>https://dev.to/numbpill3d/weaponizing-silence-how-to-disappear-while-staying-connected-1ldi</guid>
      <description>&lt;p&gt;Everyone is talking. Almost no one is thinking.&lt;/p&gt;

&lt;p&gt;Your morning starts with a vibration, then another, then a pile-on. Slack wants a status update. Instagram wants your face. A group chat you muted in March has resurrected itself to debate brunch. By 9:07 am you have done the emotional labor of a small call center and you have not finished your coffee.&lt;/p&gt;

&lt;p&gt;We call this being connected. A more honest word is being farmed.&lt;/p&gt;

&lt;p&gt;The internet does not pay you for your best ideas. It pays you for your fastest replies. Availability became a virtue, then a job description, then a personality. Silence got rebranded as flaking. I decided to rebrand it back, but with better tools.&lt;/p&gt;

&lt;p&gt;Not the aesthetic digital detox where you post a grainy photo of trees with “offline” in lowercase and then lurk from a finsta. I mean real disappearance. The kind where your work still ships, your people still feel held, your money still moves, and you are simply not there to watch the conveyor belt.&lt;/p&gt;

&lt;p&gt;You do not need to quit. You need to quit performing presence.&lt;/p&gt;

&lt;h3&gt;
  
  
  The Attention Tax Is Real, and You Are Overdrawn
&lt;/h3&gt;

&lt;p&gt;Every ping is a micro-withdrawal from your nervous system. You pay in focus, in mood, in the ability to finish a thought. Platforms collect the interest.&lt;/p&gt;

&lt;p&gt;Researchers at UC Irvine have been tracking this for years. After an interruption it takes roughly 23 minutes to get back to the original task. The average knowledge worker gets interrupted 80 to 90 times a day. Do the multiplication and you realize most people never actually get back. They just start new half-tasks until bedtime.&lt;/p&gt;

&lt;p&gt;We treat this like a willpower problem. It is an architecture problem. Your phone is designed to win. You will not out-discipline a trillion-dollar attention refinery. You have to change the plumbing.&lt;/p&gt;

&lt;p&gt;Silence is not doing nothing. Silence is compound interest for your brain. Ten uninterrupted minutes today becomes a finished essay next week becomes a body of work next year. The people who seem calm are not morally superior. They just stopped answering the door every time someone knocked.&lt;/p&gt;

&lt;h3&gt;
  
  
  Ghost Mode Is Not Rude. It Is Infrastructure.
&lt;/h3&gt;

&lt;p&gt;Old ghosting was avoidance. New ghosting is design.&lt;/p&gt;

&lt;p&gt;Think of a good hotel. You do not let strangers wander into your bedroom. There is a lobby, a front desk, a concierge. Your attention needs the same. Right now you live in a studio apartment with the front door open and a neon sign that says “PLEASE INTERRUPT.”&lt;/p&gt;

&lt;p&gt;Start with the lobby. Ten minutes of boring hygiene:&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Turn off read receipts everywhere. iMessage, WhatsApp, Instagram. Let people sit with a little mystery. Mystery reads as confidence now.
Kill badges and banners. If it is not a phone call from family, it can wait.
Set every messenger to Deliver Quietly. Vibration is just anxiety with haptics.
Default to offline status. Slack green dot is not honesty. It is surveillance cosplay.
Grayscale after 8 pm. Your brain thinks TikTok is a spreadsheet when the color is gone.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;

&lt;p&gt;This is not productivity theater. This is cleaning your room so you can think in it.&lt;/p&gt;

&lt;p&gt;But surface tweaks leak. People still expect you because you trained them to. That is where the middle layer comes in.&lt;br&gt;
The Three Layers of Disappearing&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Layer One:&lt;/strong&gt; Invisibility. You are not lying about being away. You are just not broadcasting your coordinates. Turn off active status on every app. Remove last seen. Hide typing indicators. On Slack, set yourself to away permanently and write a status that tells the truth: “Async. I check at 11 and 4 ET.”&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Layer Two:&lt;/strong&gt; Automation. This is where you stop apologizing and start informing. Replace “sorry for the delay” with a clear contract.&lt;/p&gt;

&lt;p&gt;My email auto-reply is not cute. It says: “I read email twice a day. If you need me sooner, call. If not, you will get a better answer at 4.” My DMs say: “Slow replies here. If urgent, text.”&lt;/p&gt;

&lt;p&gt;Filters do the rest. Gmail skips the inbox for anything with unsubscribe. Newsletters go to a Read Later label I actually read on Sundays with coffee. Client work gets starred and summarized. Friends bypass filters entirely. You are not missing out. You are editing.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Layer Three:&lt;/strong&gt; Delegation. This is the weapon. You do not just mute the world. You hire a ghost to represent you while you are gone.&lt;/p&gt;

&lt;p&gt;I run persistent agents on a small box in my apartment. They are not chatbots trying to be my therapist. They are workers. They read, they summarize, they draft, they queue. I stay connected because my systems are connected. I am just not in the room for the noise.&lt;/p&gt;

&lt;h3&gt;
  
  
  You Do Not Need More Discipline. You Need Better Agents
&lt;/h3&gt;

&lt;p&gt;Willpower is a story we tell ourselves after the app wins again. You will lose to infinite scroll because it was built to beat you. Stop fighting fair.&lt;/p&gt;

&lt;p&gt;In 2026 the move is not another focus timer. The move is cloning your taste into software that works while you sleep. Not in the cloud where your data becomes training fodder. On hardware you control, with rules you wrote.&lt;/p&gt;

&lt;p&gt;Here is what that looks like in practice, no guru nonsense.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Morning briefing:&lt;/strong&gt; an agent pulls email, Slack mentions, Instagram DMs, and Texts. It does not dump transcripts. It writes three bullets. “Client needs revised scope by Friday. Maya asked about dinner Thursday. Your landlord sent the lease renewal.” I decide in 90 seconds instead of drowning for an hour.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Drafting:&lt;/strong&gt; a second agent writes replies in my voice. Short sentences. No exclamation points unless someone had a baby. It knows I hate the phrase “circle back” and that I always sign off with “lmk.” I skim, tweak one line, hit send all.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Publishing:&lt;/strong&gt; a third agent posts the thing I wrote yesterday, replies to the first wave of comments with context from the post, and logs off. No scrolling. No “just checking.”&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Evening sweep:&lt;/strong&gt; another agent checks for anything with money, health, or family keywords. Those get flagged red and pushed to me. Everything else waits for tomorrow.&lt;/p&gt;

&lt;p&gt;I did not become a monk. I became represented. That is the difference between logging off and weaponizing silence.&lt;/p&gt;

&lt;h3&gt;
  
  
  The Silence Stack I Actually Run
&lt;/h3&gt;

&lt;p&gt;People ask for my app list. It is not about apps. It is about a stack with clear jobs.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Inbox Router:&lt;/strong&gt; Everything lands in one place, gets labeled, then gets summarized. I never open raw email first. I open the summary. If the summary is boring, the email was boring.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Voice Mirror:&lt;/strong&gt; I fed an agent about 200 of my past messages so it learned my cadence. Not to replace me. To draft the first pass so I do not start from zero. Starting from zero is where most people quit.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Boundary Bot:&lt;/strong&gt; It enforces my own rules. After 6 pm, it holds non urgent drafts until morning. If someone sends three follow ups in an hour, it sends the boundary note automatically. “Hey, I saw this. I will answer at 11 am. If this is an emergency, call.” Most things are not emergencies.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Social Ghost:&lt;/strong&gt; It watches the platforms I need for work, pulls mentions, and ignores the rest. It does not read comments for fun. It does not care about the algorithm’s feelings. It logs sentiment, flags opportunities, and closes the tab.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Kill Switch:&lt;/strong&gt; Nothing sends without a ten minute delay unless I whitelist it. I have undone more bad replies in that window than I can count. Silence is also the space between impulse and send.&lt;/p&gt;

&lt;p&gt;This stack lives on my machine. No cloud dashboards selling my habits back to me. If you want the exact wiring, the persistent session setup, the tool scoping, and the log hygiene that keeps it from drifting, that is the whole point of the OpenClaw + Claude Code playbook. If you want the task file architecture and the CLAUDE.md patterns that keep agents from hallucinating your personality, that is the Paperclip Method.&lt;/p&gt;

&lt;h3&gt;
  
  
  What To Actually Say When You Stop Replying
&lt;/h3&gt;

&lt;p&gt;People do not get mad about slow replies. They get mad about uncertainty. Give them certainty once, then live it.&lt;/p&gt;

&lt;p&gt;Copy paste these:&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt; Email footer: “I check email at 11am and 4pm ET. You will get a better answer then.”
Instagram bio: “Slow DMs. For work: email.”
Slack status: “Async. Call for urgent.”
Auto DM: “Got it. I batch replies. If time sensitive, text.”
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;

&lt;p&gt;Do not apologize every time. Apologizing trains people to expect the old you. Informing trains them to respect the new one.&lt;/p&gt;

&lt;p&gt;For friends, keep one sacred channel. Mine is phone calls from five people. Everyone else gets the system and they know it. When I do pick up, I am actually there. No half listening while scrolling. That tradeoff is worth more than instant replies ever were.&lt;/p&gt;

&lt;h3&gt;
  
  
  The Ethics of Vanishing
&lt;/h3&gt;

&lt;p&gt;Weaponizing silence is not about punishing people. It is about protecting the part of you that makes anything worth sharing.&lt;/p&gt;

&lt;p&gt;If you just disappear, you are flaking. If you disappear with scaffolding, you are being responsible. You give people clarity, consistency, and a better version of you when you show up.&lt;/p&gt;

&lt;p&gt;Do not use agents to dodge hard conversations. Let them draft the difficult email, then read it out loud to yourself. If your stomach drops, edit it. Some silences need to be human.&lt;/p&gt;

&lt;p&gt;And do not weaponize silence against people with less power than you. Your boss can wait four hours. Your anxious friend who is spiraling probably should not. Build overrides for humanity. My system flags words like “hospital,” “panic,” “eviction,” “pregnant.” Those break through immediately. Everything else can wait.&lt;/p&gt;

&lt;h3&gt;
  
  
  What Happens After You Stop Performing Availability
&lt;/h3&gt;

&lt;p&gt;Week one feels itchy. You will unlock your phone and stare at a clean lock screen and not know what to do with your hands. That is withdrawal. It passes.&lt;/p&gt;

&lt;p&gt;Week two, people adjust faster than you think. They start writing better first messages because they know you will not play 20 questions in real time. “Can we talk?” becomes “Can we talk about the Q3 budget for 15 minutes tomorrow at 2?” You answer once and it is done.&lt;/p&gt;

&lt;p&gt;Week three, your brain comes back. You remember boredom. Boredom is not a bug. It is the loading screen for original thought. You start finishing things. A draft. A workout. A book. You stop narrating your life and start living it.&lt;/p&gt;

&lt;p&gt;Month two, the quality filter kicks in. The people who only liked you for your response time quietly fade. The people who like your actual work stick around. You did not lose community. You lost an audience that treated you like customer support.&lt;/p&gt;

&lt;p&gt;Month three, silence becomes your brand. In a feed where everyone is screaming daily, the person who speaks once a week and says something true cuts through. You post less. It lands harder. You reply slower. People listen more.&lt;/p&gt;

&lt;p&gt;I spent a weekend in June with my phone in airplane mode near the Whitewater Center. My newsletter went out on time. A client got a clean project update. My sister got her birthday voice note. None of it came from me live. All of it sounded like me because I trained the ghost first. That is the point. You do not disappear to abandon people. You disappear to give them the best version of you without sacrificing yourself to the feed.&lt;/p&gt;

&lt;h3&gt;
  
  
  Silence Is the New Flex
&lt;/h3&gt;

&lt;p&gt;Luxury used to be a watch that told everyone you had money. Now luxury is no one knowing where you are and everything still working.&lt;/p&gt;

&lt;p&gt;You can buy the status symbol. Or you can build the system that makes you untouchable for hours at a time. One depreciates. The other pays dividends in focus, calm, and actual work.&lt;/p&gt;

&lt;p&gt;The culture will keep rewarding speed until it burns out. Let it. You are not here to win the fastest reply award. You are here to make things that last longer than a notification.&lt;/p&gt;

&lt;p&gt;Build the lobby. Train the front desk. Give your agents clear rules and real kill switches. Tell people how to reach you and mean it. Then go upstairs, close the door, and do the work only you can do.&lt;/p&gt;

&lt;p&gt;Weaponized silence is not absence. It is presence, on purpose.&lt;/p&gt;

</description>
      <category>productivity</category>
      <category>discuss</category>
      <category>privacy</category>
      <category>learning</category>
    </item>
    <item>
      <title>Nobody Is Coming to Save Your Privacy. Build the Tools Yourself</title>
      <dc:creator>v. Splicer</dc:creator>
      <pubDate>Wed, 01 Jul 2026 01:08:42 +0000</pubDate>
      <link>https://dev.to/numbpill3d/nobody-is-coming-to-save-your-privacy-build-the-tools-yourself-4ie</link>
      <guid>https://dev.to/numbpill3d/nobody-is-coming-to-save-your-privacy-build-the-tools-yourself-4ie</guid>
      <description>&lt;p&gt;&lt;em&gt;The cavalry isn't delayed. It was never dispatched.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;You have already done the ritual. You clicked "accept all" before coffee, you let a weather app read your contacts, you told a chatbot your childhood trauma because it felt cheaper than therapy. Then you opened a new tab to search "best privacy VPN 2026" and felt briefly virtuous.&lt;/p&gt;

&lt;p&gt;Nothing changed.&lt;/p&gt;

&lt;p&gt;Privacy is not stuck in committee. It is working exactly as designed. Your data is the ore, prediction is the refinery, behavior change is the product. Every glossy privacy dashboard is a control panel for you, not for them. The house always wins because the house built the table.&lt;/p&gt;

&lt;p&gt;If you want a different outcome, you need a different table. That means you build.&lt;/p&gt;

&lt;h2&gt;
  
  
  1. The Comfortable Lie We Bought
&lt;/h2&gt;

&lt;p&gt;The privacy industrial complex sells placebos with great UX. Incognito mode is amnesia for your browser, not for Google. Apple's privacy nutrition labels are written by the same people who ship an ad network in your settings app. VPN ads promise "military grade encryption" while the company resells your bandwidth to data brokers through a shell in the Seychelles.&lt;/p&gt;

&lt;p&gt;We wanted a feeling, not a system. The feeling is calm. The system is extraction.&lt;/p&gt;

&lt;p&gt;This is why privacy advice feels like skincare. Ten steps, expensive serums, no change in underlying biology. You install three blockers that all inject the same fingerprintable JavaScript. You pay for a password manager that syncs to a cloud you cannot audit. You enable two factor authentication that routes through a phone number that can be SIM swapped by a bored teenager.&lt;/p&gt;

&lt;p&gt;The lie is comfortable because it outsources responsibility. The truth is uncomfortable because it returns it.&lt;/p&gt;

&lt;h2&gt;
  
  
  2. Consent Theater and the Business of Exhaustion
&lt;/h2&gt;

&lt;p&gt;GDPR banners were supposed to give you choice. They gave you fatigue. Dark patterns are not accidents. They are conversion funnels for compliance. The goal is not informed consent. The goal is learned helplessness.&lt;/p&gt;

&lt;p&gt;Every toggle is framed as a trade you cannot refuse. Accept tracking or the site breaks. Share location or the app is useless. Upload contacts or you cannot find friends. This is not a negotiation. It is a hostage situation with better fonts.&lt;/p&gt;

&lt;p&gt;Exhaustion scales. Companies have legal teams. You have a thumb. They can A/B test the shade of blue that makes you click faster. You cannot A/B test your willpower at 11 pm.&lt;/p&gt;

&lt;p&gt;The only way to win an exhaustion game is to stop playing. Replace the service, do not renegotiate the terms.&lt;/p&gt;

&lt;h2&gt;
  
  
  3. The Economics of You
&lt;/h2&gt;

&lt;p&gt;You are not the product. That phrase is too cute. You are the raw material, the factory, and the market research department, all in one.&lt;/p&gt;

&lt;p&gt;Your attention is logged, your hesitation is measured, your deletion is noted. Every model that summarizes you gets better at nudging you. The business model is not advertising. The business model is behavior modification at scale, sold to the highest bidder.&lt;/p&gt;

&lt;p&gt;This is why privacy cannot be solved by policy alone. Policy regulates how the refinery reports emissions. It does not stop the refinery from existing. As long as the incentives reward prediction, the infrastructure will optimize for surveillance.&lt;/p&gt;

&lt;p&gt;You cannot petition a gradient descent algorithm into having ethics. You can starve it.&lt;/p&gt;

&lt;h2&gt;
  
  
  4. Waiting Is a Vulnerability You Cannot Patch
&lt;/h2&gt;

&lt;p&gt;Waiting feels responsible. You are waiting for the perfect encrypted messenger, the right regulation, the secure phone that does not suck. While you wait, your data rots in a breach you will hear about in two years.&lt;/p&gt;

&lt;p&gt;History is clear. The tools that mattered were built by impatient people. Phone phreaks did not wait for AT&amp;amp;T to be nice. Cypherpunks did not wait for export controls to lift. Tor developers did not wait for permission to route around censorship. Signal was built because Moxie got tired of watching SMS leak.&lt;/p&gt;

&lt;p&gt;Patch Tuesday is not a strategy. It is an admission that someone else controls your root of trust. Every automatic update is a remote code execution event you hope is benevolent. Hope is not a security posture.&lt;/p&gt;

&lt;p&gt;Impatience is a feature. It forces you to learn the stack.&lt;/p&gt;

&lt;h2&gt;
  
  
  5. A Brief History of People Who Did Not Wait
&lt;/h2&gt;

&lt;p&gt;In the 1970s, phreaks built blue boxes from Radio Shack parts because Ma Bell charged rent on curiosity. In the 1990s, PGP spread as source code printed in books to bypass munitions law. In the 2000s, home routers got OpenWrt because vendors abandoned them. In the 2010s, activists ran mesh networks when governments shut off the internet.&lt;/p&gt;

&lt;p&gt;None of these were products. They were responses. Each one said the same thing: if the infrastructure is hostile, become infrastructure.&lt;/p&gt;

&lt;p&gt;That lineage is your inheritance. You do not need a venture round to continue it. You need a Pi, a soldering iron, and the willingness to read error logs without crying.&lt;/p&gt;

&lt;h2&gt;
  
  
  6. Your Real Threat Model Is Boring and Expensive
&lt;/h2&gt;

&lt;p&gt;Forget the movie plot. Your adversary is not a van with antennas. It is a data broker in Tampa that sells your household income bracket to a payday lender. It is a hiring platform that scores your "culture fit" from your public posts. It is an insurance model that infers depression from typing cadence.&lt;/p&gt;

&lt;p&gt;These threats are boring, which makes them effective. They do not need to break encryption. They need you to stay on the default settings.&lt;/p&gt;

&lt;p&gt;Map it honestly. What data, if leaked, would cost you money, relationships, or freedom? Where does that data live right now? Who can read it without your knowledge? How many companies have a copy because you clicked "continue with Google"?&lt;/p&gt;

&lt;p&gt;Now invert the map. Move the data to hardware you control. Reduce copies. Replace identity providers with keys you hold. Shrink the blast radius until a breach is an annoyance, not an eviction notice.&lt;/p&gt;

&lt;h2&gt;
  
  
  7. Sovereignty by Soldering: Principles, Not Products
&lt;/h2&gt;

&lt;p&gt;Building is not about buying more gear. It is about adopting principles that products violate by design.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Local first.&lt;/strong&gt; If it cannot run without the internet, it is a rental.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Open firmware or it is a black box.&lt;/strong&gt; You cannot secure what you cannot inspect.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Keys live on hardware you can touch.&lt;/strong&gt; YubiKeys, Nitrokeys, or a Pi acting as a CA in a drawer. Not in a browser extension that syncs to the cloud.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Compartmentalize by default.&lt;/strong&gt; Separate machines, profiles, or at minimum browser containers for work, personal, shopping, and research. Cross contamination is how profiles get built.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Telemetry is adversarial.&lt;/strong&gt; If it phones home, assume it will betray you during an acquisition.&lt;/p&gt;

&lt;p&gt;These are not opinions. They are constraints that force better designs. Constraints are how hackers turn scarcity into advantage.&lt;/p&gt;

&lt;h2&gt;
  
  
  8. The Stack You Can Actually Own in a Weekend
&lt;/h2&gt;

&lt;p&gt;You do not need a data center. You need about $300 and a Saturday.&lt;/p&gt;

&lt;p&gt;Start with compute. A Raspberry Pi 5 with an NVMe base is stupid fast for five watts. Install a minimal Debian, full disk encryption with LUKS, unattended upgrades, and Tailscale or WireGuard for access. This is your home base.&lt;/p&gt;

&lt;p&gt;Add services that remove you from other people's clouds:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Pi-hole or AdGuard Home for DNS filtering. Block telemetry at the name level.&lt;/li&gt;
&lt;li&gt;Unbound as a recursive resolver so you stop asking Cloudflare what you are thinking about.&lt;/li&gt;
&lt;li&gt;Vaultwarden for passwords. Your secrets never leave your house.&lt;/li&gt;
&lt;li&gt;Syncthing for files. No accounts, no storage limits, just devices you trust.&lt;/li&gt;
&lt;li&gt;Immich for photos. Face recognition locally, not in a marketing database.&lt;/li&gt;
&lt;li&gt;A WireGuard exit node so every coffee shop sees encrypted noise to your house, not your traffic.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Put it on a UPS. Back it up to an encrypted USB drive you rotate monthly. Print the recovery keys and store them like cash.&lt;/p&gt;

&lt;p&gt;You now have a personal cloud that cannot be subpoenaed from a third party because there is no third party. That is not paranoia. That is basic architecture.&lt;/p&gt;

&lt;h2&gt;
  
  
  9. Air Gaps, Local Models, and the End of Cloud Confessionals
&lt;/h2&gt;

&lt;p&gt;The most intimate data leak of 2026 is not your location. It is your prompts.&lt;/p&gt;

&lt;p&gt;You paste your business plan, your therapy notes, your source code into a hosted LLM because it is convenient. That convenience is a permanent donation to someone else's training set. Even with "no training" toggles, you are trusting a counterparty whose incentives change quarterly.&lt;/p&gt;

&lt;p&gt;Run it locally. A Pi 5 with a Hailo-8 or similar accelerator runs 7B to 13B quantized models fast enough for real work. Use Ollama for the runtime, build a RAG pipeline over your Obsidian vault, keep embeddings on NVMe. Your assistant knows your notes, your contracts, your research, and has never touched the public internet.&lt;/p&gt;

&lt;p&gt;This changes your psychology. You stop self censoring. You ask dumber questions, which is how you get smarter answers. You iterate on sensitive ideas without laundering them through a terms of service.&lt;/p&gt;

&lt;p&gt;An air gap is not about fear. It is about creative freedom. Artists need studios with doors. Thinkers need models with walls.&lt;/p&gt;

&lt;h2&gt;
  
  
  10. Field Craft: Why a Cyberdeck Changes Your Brain
&lt;/h2&gt;

&lt;p&gt;A laptop is designed for compliance. A phone is designed for tracking. A cyberdeck is designed for curiosity.&lt;/p&gt;

&lt;p&gt;When you build a field unit, you make choices that commercial hardware hides. You choose the antenna. You choose the SDR. You choose whether the mic has a physical kill switch. You choose the battery chemistry and the thermal envelope. You become the product manager of your own autonomy.&lt;/p&gt;

&lt;p&gt;Carry it and your behavior shifts. You start noticing what networks are actually broadcasting. You see how many BLE beacons follow you through a mall. You learn that hotel captive portals are just bad web apps begging to be routed around. You stop asking for WiFi passwords and start bringing your own backhaul via LTE hat or LoRa mesh.&lt;/p&gt;

&lt;p&gt;The cyberdeck is not aesthetic, though it looks cool. It is pedagogical. It teaches you that the environment is programmable. Once you feel that, you cannot unfeel it.&lt;/p&gt;

&lt;h2&gt;
  
  
  11. Opsec for Humans, Not Influencers
&lt;/h2&gt;

&lt;p&gt;Influencer opsec is performance. Faraday bag for the camera, then post GPS tagged stories from the same phone. Real opsec is boring hygiene repeated until it is automatic.&lt;/p&gt;

&lt;p&gt;Use separate profiles for separate roles. Your activism browser is not your shopping browser. Your work identity does not touch your personal GitHub. Your research machine never logs into anything tied to your legal name.&lt;/p&gt;

&lt;p&gt;Prefer apps that export plain text. Markdown, org mode, CSV. Data that can leave is data you control. Proprietary databases are roach motels.&lt;/p&gt;

&lt;p&gt;Turn off what you do not use. Bluetooth, AirDrop, location history, ad IDs. Not because you are hiding, but because attack surface is real estate. Shrink it.&lt;/p&gt;

&lt;p&gt;Practice restores. Backups are worthless if you have never restored. Once a quarter, wipe a test device and rebuild from your notes. If it hurts, fix the notes.&lt;/p&gt;

&lt;h2&gt;
  
  
  12. The Social Layer: Build Guilds, Not Audiences
&lt;/h2&gt;

&lt;p&gt;Privacy is not individual. If your friends use leaky tools, your messages leak through them. The answer is not lecturing. The answer is building a guild.&lt;/p&gt;

&lt;p&gt;A guild is five to ten people who agree on tools and help each other maintain them. You run a shared Matrix or SimpleX server on your Pi. You trade PGP keys in person. You host cryptoparties where you flash routers and set up password managers for family.&lt;/p&gt;

&lt;p&gt;Guilds create network effects for autonomy. One person running a VPN exit is weird. Five friends sharing exits in different cities is resilient. One person self hosting photos is a hobby. A family that syncs albums over Syncthing is immune to another photo service shutting down.&lt;/p&gt;

&lt;p&gt;Community is the only moat that surveillance capitalism cannot buy. It has to be earned with competence and care.&lt;/p&gt;

&lt;h2&gt;
  
  
  13. Legal Realism Without Defeatism
&lt;/h2&gt;

&lt;p&gt;Laws matter, but they lag. Do not outsource your safety to a future ruling. At the same time, do not cosplay as an outlaw. Learn the rules of your jurisdiction, then engineer around the bad ones.&lt;/p&gt;

&lt;p&gt;Use encryption that is standard and well audited. Prefer tools with plausible deniability built in, like hidden volumes, but do not rely on magic. Know that metadata is often more revealing than content, which is why you route DNS and push traffic through your own WireGuard.&lt;/p&gt;

&lt;p&gt;Document your threat model. If you ever need to explain your setup, "I run a home server for backups and to block ads" is boring and true. Boring is good. Boring does not get you on lists.&lt;/p&gt;

&lt;h2&gt;
  
  
  14. The Maintenance Mindset
&lt;/h2&gt;

&lt;p&gt;Building is fun. Maintaining is freedom.&lt;/p&gt;

&lt;p&gt;Schedule it. First Sunday of the month: updates, backups, key rotation check, test restore, review logs for weirdness. Keep a changelog. Treat your infrastructure like a garden, not a monument.&lt;/p&gt;

&lt;p&gt;Automation helps, but do not automate what you do not understand. A cron job that breaks silently is worse than a manual task you remember. Alerting is part of the build. If your Pi-hole stops blocking, you should know before the ads do.&lt;/p&gt;

&lt;p&gt;Expect entropy. SD cards die. Power supplies sag. Cats chew cables. Design for failure and you will rarely experience it as catastrophe.&lt;/p&gt;

&lt;h2&gt;
  
  
  15. Nobody Is Coming. Good.
&lt;/h2&gt;

&lt;p&gt;There is a quiet dignity in accepting that no institution will save you. It means you stop waiting for perfect policy, perfect products, perfect people. You start building imperfect tools that you control, then you iterate.&lt;/p&gt;

&lt;p&gt;This is the hacker ethos at its best. Not nihilism, not paranoia, but practical optimism. The world is programmable. The defaults are hostile. Therefore we reprogram the defaults.&lt;/p&gt;

&lt;p&gt;You will make mistakes. You will lock yourself out once. You will learn more from that afternoon than from a year of reading privacy blogs. You will help someone else avoid the same mistake, and that is how culture spreads.&lt;/p&gt;

&lt;p&gt;Privacy is not a right that is granted. It is a skill that is practiced. Skills require tools. Tools require hands.&lt;/p&gt;

&lt;p&gt;So put your hands on something you can own.&lt;/p&gt;




&lt;h3&gt;
  
  
  If you want a place to start that is not theory
&lt;/h3&gt;

&lt;p&gt;I publish the build logs I actually use in the field. No trackers, no funnels, just the steps and the gotchas.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://numbpilled.gumroad.com/l/tryharder" rel="noopener noreferrer"&gt;TRY HARDER: The Pi5 NVMe Field Cyberdeck You Actually Asked For&lt;/a&gt; – the modular, fast, low power unit I carry when I assume the network is hostile. Pay what you want from $0 to $55.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://numbpilled.gumroad.com/l/local-ai-edge-cyberdeck" rel="noopener noreferrer"&gt;Local Edge AI Blueprint: Run LLMs on Raspberry Pi 5 + Hailo-8 - The Air-Gapped Assistant&lt;/a&gt; – Ollama, RAG, and Obsidian wired for private reasoning. Your notes stay on your desk. $0 to $80.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://numbpilled.gumroad.com/l/stripper-zero" rel="noopener noreferrer"&gt;StripperZero - Build a Flipper Zero for $40&lt;/a&gt; – ESP32-S3 lab manual for IR, Sub-GHz, BLE, and HID research without the markup. $0 to $35.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://numbpilled.gumroad.com/l/cyberdeck-raspberry-pi-5-build" rel="noopener noreferrer"&gt;THE RASPBERRY PI 5 CYBERDECK &amp;amp; FIELD-UNIT PLAYBOOK - Techno-Splicer Edition&lt;/a&gt; – parts, power budgets, thermals, and case files for a real handheld lab.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Build one thing this month. Make it yours. Then teach someone else. That is how we get privacy back, not by asking, but by wiring it into the world ourselves.&lt;/p&gt;

</description>
      <category>privacy</category>
      <category>cybersecurity</category>
      <category>programming</category>
      <category>security</category>
    </item>
    <item>
      <title>Time Necromancy: 100 Python Scripts That Resurrect Lost Hours</title>
      <dc:creator>v. Splicer</dc:creator>
      <pubDate>Tue, 30 Jun 2026 01:41:40 +0000</pubDate>
      <link>https://dev.to/numbpill3d/time-necromancy-100-python-scripts-that-resurrect-lost-hours-434o</link>
      <guid>https://dev.to/numbpill3d/time-necromancy-100-python-scripts-that-resurrect-lost-hours-434o</guid>
      <description>&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="n"&gt;Raise&lt;/span&gt; &lt;span class="n"&gt;your&lt;/span&gt; &lt;span class="n"&gt;productivity&lt;/span&gt; &lt;span class="k"&gt;from&lt;/span&gt; &lt;span class="n"&gt;the&lt;/span&gt; &lt;span class="n"&gt;dead&lt;/span&gt; &lt;span class="k"&gt;with&lt;/span&gt; &lt;span class="n"&gt;pure&lt;/span&gt; &lt;span class="n"&gt;Python&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;em&gt;You are not busy. You are unscripted.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;Look at your day. You rename screenshots by hand. You drag files into folders like a medieval monk. You answer the same three Slack questions. You open twelve tabs to do a five minute task. That is not hustle. That is a memory leak in your human OS.&lt;/p&gt;

&lt;p&gt;Time necromancy is not productivity porn. It is writing small, mean Python daemons that do the boring stuff while you sleep, eat, or actually build something. You trade one focused hour for a hundred hours back over a year. That is not a hack. That is compound interest for people who can code.&lt;/p&gt;

&lt;p&gt;I put together a guide filled with one hundred proven automations, workflows, rituals, and patterns for resurrecting hours every week using nothing but Python. It is built for developers who want to stop drowning in microtasks and start reclaiming their days with intention.&lt;/p&gt;

&lt;p&gt;It covers file rituals, text rituals, data rituals, daily digests, habit tracking, session operators, personal automations, and small daemons that quietly run your machine while you live your life.&lt;/p&gt;

&lt;h3&gt;
  
  
  The necromancy doctrine
&lt;/h3&gt;

&lt;p&gt;Forget morning routines. Learn the three laws.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;If you do it twice, it gets a sigil.&lt;/strong&gt; A sigil is a script. Not a checklist. Not a template. Code. If your fingers remember the steps, your computer should too.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Daemons beat dashboards.&lt;/strong&gt; Dashboards show you the fire. Daemons put it out before you smell smoke. I do not want another analytics page. I want a script that fixes the thing and only pings me if it fails twice.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Own the ritual or rent your soul.&lt;/strong&gt; If your automation lives in someone else’s cloud, you do not own your time. You lease it. Run it locally. Cron does not have a pricing tier. Systemd does not send you upsell emails.&lt;/p&gt;&lt;/li&gt;
&lt;/ol&gt;

&lt;h3&gt;
  
  
  The 100, broken into covens
&lt;/h3&gt;

&lt;p&gt;This is not 100 side projects. It is 10 covens of 10 scripts each. Small, vicious, and replaceable. Ultimately magical. Get wizardly with it.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;File Rituals&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;`exorcise_downloads.py` watches ~/Downloads, renames by date and source, moves to vault
`pdf_necromancer.py` OCRs everything, makes it searchable, deletes the original scan
`duplicate_hunter.py` finds near-duplicates by hash and kills them
`screenshot_baptism.py` auto crops, renames, uploads to your own bucket
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Text Rituals&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;`inbox_exorcist.py` parses receipts, extracts vendor and total, files them
`meeting_transcript_cleaner.py` strips filler words, timestamps action items
`obsidian_linker.py` finds orphan notes and links them by semantic similarity
`readme_writer.py` generates project READMEs from git histoy
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Inbox and Comms&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;`slack_vampire.py` mutes channels during focus blocks, summarizes mentions after
`email_triage.py` labels, archives, and drafts replies for low stakes threads
`followup_lich.py` resurfaces emails you forgot after 3 days with no reply
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Calendar Vampires&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;`daily_brief.py` at 6am builds a one pager: meetings, attendees, last context, open PRs
`focus_ward.py` kills notifications, opens Zed workspaces, starts a timer
`meeting_cost.py` calculates how much money that standup just burned
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Data Rituals&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;- `csv_autopsy.py` cleans exports, fixes dates, drops empty columns
- `api_poller.py` hits your own services, writes to SQLite, alerts on drift
- `budget_wraith.py` reads bank CSVs, categorizes, texts you if you are over
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;System Daemons&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;- `battery_lich.py` caps charge at 80 percent on your laptop
- `docker_graveyard.py` prunes images older than 7 days
- `log_necromancer.py` tails OpenClaw logs and drops summaries into Obsidian
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Dev Rituals&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;- `paperclip_farm.py` spawns persistent Claude agents with scoped task files
- `pr_summoner.py` opens PRs, runs tests, posts results to Discord
- `changelog_seer.py` writes release notes from commits
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Web and Recon&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;- `price_watcher.py` tracks Gumroad competitors, alerts on changes
- `bug_hunter.py` runs the three recon moves on a target list nightly
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Habit and Health&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;- `standup_ghost.py` nags you to stand every 50 minutes
- `sleep_ward.py` dims screens and kills distracting apps at 10pm
- `hydration_imp.py` logs water if you hit a key combo
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Session Operators&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;- `workon.py` sets env vars, opens projects, restores tmux
- `shutdown_rite.py` closes everything, backs up vault, commits dotfiles
- `context_switch.py` saves current state before you jump tasks
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;None of these are impressive alone. Together they are a personal operating system.&lt;/p&gt;

&lt;h3&gt;
  
  
  How I actually run this digital seance
&lt;/h3&gt;

&lt;p&gt;Folder structure is boring and that is the point.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;~/necromancy/
 rituals/file/
 rituals/text/
 daemons/
 logs/
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Every script logs to &lt;code&gt;logs/ritual_name.log&lt;/code&gt;. Every script exits non-zero on failure. Every script reads config from env, not hardcoded paths.&lt;/p&gt;

&lt;p&gt;I use systemd timers on Linux, launchd on Mac. Cron is fine if you like archaeology.&lt;/p&gt;

&lt;p&gt;Example timer for the daily brief:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight systemd"&gt;&lt;code&gt;&lt;span class="k"&gt;[Unit]&lt;/span&gt;
&lt;span class="nt"&gt;Description&lt;/span&gt;&lt;span class="p"&gt;=&lt;/span&gt;Daily brief necromancy
&lt;span class="k"&gt;[Timer]&lt;/span&gt;
&lt;span class="nt"&gt;OnCalendar&lt;/span&gt;&lt;span class="p"&gt;=&lt;/span&gt;*-*-* 06:00
&lt;span class="nt"&gt;Persistent&lt;/span&gt;&lt;span class="p"&gt;=&lt;/span&gt;true
&lt;span class="k"&gt;[Install]&lt;/span&gt;
&lt;span class="nt"&gt;WantedBy&lt;/span&gt;&lt;span class="p"&gt;=&lt;/span&gt;timers.target
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The script itself is 40 lines. It calls a local LLM via OpenClaw, summarizes, writes markdown. No SaaS. No API bill that scales with your anxiety.&lt;/p&gt;

&lt;h3&gt;
  
  
  The math that makes managers nervous
&lt;/h3&gt;

&lt;p&gt;Save 5 minutes a day with one script. That is 30 hours a year. Do that with 20 scripts and you just resurrected a full work month. Do it with 100 and you are not more productive. You are a different species.&lt;/p&gt;

&lt;p&gt;This is why I do not track tasks. I track resurrections. Last month my daemons saved me 47.3 hours. I spent 12 of those building more daemons. That is the loop.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Traps that kill baby necromancers&lt;/strong&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Building a framework.&lt;/strong&gt; You do not need a framework. You need a script that works today.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Perfect logging.&lt;/strong&gt; Log enough to debug. Not enough to build Splunk.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Cloud first.&lt;/strong&gt; Start local. Move to a Pi if you need 24/7. Only then think about tunnels.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;No kill switch.&lt;/strong&gt; Every daemon needs a way to die quietly. &lt;code&gt;**pkill -f ritual_name&lt;/code&gt;** should work.&lt;/li&gt;
&lt;/ol&gt;

&lt;h3&gt;
  
  
  Build your first three tonight
&lt;/h3&gt;

&lt;p&gt;Do not read another thread. Do this.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;exorcise_downloads.py&lt;/strong&gt; — 15 lines with watchdog. Move PDFs to &lt;code&gt;~/vault/inbox&lt;/code&gt; and rename.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;daily_brief.py&lt;/strong&gt; — pull calendar with gcalcli, pull todos from a text file, write to Obsidian.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;focus_ward.py&lt;/strong&gt; — shell out to kill Slack and Discord, open Zed with your project, start a 90 minute timer.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Run them for a week. Count the minutes you did not waste. Then write three more.&lt;/p&gt;

&lt;p&gt;That is how you get to 100 without burning out. One ritual at a time.&lt;/p&gt;

&lt;h3&gt;
  
  
  Get the full grimoire and the supporting spells
&lt;/h3&gt;

&lt;p&gt;&lt;em&gt;SHELL SHOCKED — the 800+ script collection megapack that this post is built from. File rituals, text rituals, daily daemons, all ready to copy. Ultra powerful, what I use on the daily.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://numbpilled.gumroad.com/l/ultimate-python-bash-pack" rel="noopener noreferrer"&gt;SHELL SHOCKED: The Underground Megapack of Python and Bash Scripts - 8 Guides, No GUI, All Power&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Stop renting your time. Write the daemon. Let it work nights.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fksujnrw4dvynf6rc6irq.gif" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fksujnrw4dvynf6rc6irq.gif" alt=" " width="480" height="480"&gt;&lt;/a&gt;&lt;/p&gt;

</description>
      <category>programming</category>
      <category>productivity</category>
      <category>tutorial</category>
      <category>python</category>
    </item>
    <item>
      <title>Human Speed Is the New Bottleneck</title>
      <dc:creator>v. Splicer</dc:creator>
      <pubDate>Mon, 29 Jun 2026 01:11:24 +0000</pubDate>
      <link>https://dev.to/numbpill3d/human-speed-is-the-new-bottleneck-14oj</link>
      <guid>https://dev.to/numbpill3d/human-speed-is-the-new-bottleneck-14oj</guid>
      <description>&lt;p&gt;The future does not belong to the person who works the hardest. It belongs to the person who builds systems that keep working after they walk away.&lt;/p&gt;

&lt;p&gt;A coffee shop around lunch is an interesting place to watch modern work. Someone is bouncing between Slack notifications, another person is rewriting the same email for the third time, someone else has twelve browser tabs open while manually copying information from one website into another. Every few minutes a phone lights up. A calendar reminder interrupts whatever train of thought was finally beginning to form. Nobody looks particularly lazy. Everyone looks busy.&lt;/p&gt;

&lt;p&gt;Busy has become a status symbol.&lt;/p&gt;

&lt;p&gt;Productive is something else entirely.&lt;/p&gt;

&lt;p&gt;There is a strange contradiction sitting underneath today’s obsession with artificial intelligence. We have access to models capable of writing software, researching competitors, analyzing thousands of documents, monitoring infrastructure, generating reports, summarizing meetings, and orchestrating entire workflows. Yet millions of people still use them like expensive autocomplete. They ask one question. They copy one answer. They paste it somewhere else. Then they start over.&lt;/p&gt;

&lt;p&gt;The software evolved.&lt;/p&gt;

&lt;p&gt;The workflow barely did.&lt;/p&gt;

&lt;p&gt;That gap is becoming expensive.&lt;/p&gt;

&lt;h3&gt;
  
  
  Human bandwidth was always finite
&lt;/h3&gt;

&lt;p&gt;Factories did not fail because workers suddenly became weaker. They changed because machines could repeat physical labor without getting tired. Offices did not become digital because filing cabinets stopped working. They changed because computers could organize information faster than people could shuffle paper around.&lt;/p&gt;

&lt;p&gt;Each technological leap replaced a different bottleneck.&lt;/p&gt;

&lt;p&gt;Artificial intelligence is replacing another one.&lt;/p&gt;

&lt;p&gt;Not intelligence itself.&lt;/p&gt;

&lt;p&gt;Coordination.&lt;/p&gt;

&lt;p&gt;Think about how much of a normal workday involves moving information instead of thinking about it. Opening tickets. Closing tickets. Copying logs into bug reports. Searching documentation. Comparing spreadsheets. Sending follow-up messages. Watching dashboards. Refreshing pages that rarely change. Downloading files only to upload them somewhere else.&lt;/p&gt;

&lt;p&gt;None of these activities require creativity. They require persistence.&lt;/p&gt;

&lt;p&gt;Humans are remarkably bad at persistence over long periods. We get distracted. We become bored. We forget. We eat lunch. We sleep. We decide something can wait until tomorrow.&lt;/p&gt;

&lt;p&gt;Software does none of those things.&lt;/p&gt;

&lt;p&gt;That difference matters more every month.&lt;/p&gt;

&lt;h3&gt;
  
  
  Intelligence is no longer the scarce resource
&lt;/h3&gt;

&lt;p&gt;People still talk about AI as though the model itself is the product.&lt;/p&gt;

&lt;p&gt;It isn’t.&lt;/p&gt;

&lt;p&gt;The model is becoming infrastructure.&lt;/p&gt;

&lt;p&gt;The interesting question has shifted from What can this model do? to What happens when this model keeps doing it for weeks without supervision?&lt;/p&gt;

&lt;p&gt;That sounds subtle until you see it in practice.&lt;/p&gt;

&lt;p&gt;Imagine a security researcher hunting for newly exposed assets. The traditional workflow involves checking a few search engines, opening browser tabs, collecting screenshots, taking notes, and revisiting the same targets every few days.&lt;/p&gt;

&lt;p&gt;Now imagine an autonomous workflow instead.&lt;/p&gt;

&lt;p&gt;It wakes up every hour. It discovers new domains. It fingerprints technologies. It compares results against yesterday’s scan. It alerts only when meaningful changes appear. It files reports automatically. It enriches findings with public intelligence. It builds historical timelines while the operator sleeps.&lt;/p&gt;

&lt;p&gt;The researcher did not become faster.&lt;/p&gt;

&lt;p&gt;The researcher stopped being the bottleneck.&lt;/p&gt;

&lt;p&gt;That distinction changes everything.&lt;/p&gt;

&lt;h3&gt;
  
  
  Waiting has become invisible labor
&lt;/h3&gt;

&lt;p&gt;There is an odd kind of work that almost nobody accounts for.&lt;/p&gt;

&lt;p&gt;Waiting.&lt;/p&gt;

&lt;p&gt;Waiting for builds.&lt;/p&gt;

&lt;p&gt;Waiting for deployments.&lt;/p&gt;

&lt;p&gt;Waiting for responses.&lt;/p&gt;

&lt;p&gt;Waiting for reports.&lt;/p&gt;

&lt;p&gt;Waiting for search indexes.&lt;/p&gt;

&lt;p&gt;Waiting for data imports.&lt;/p&gt;

&lt;p&gt;Waiting for APIs.&lt;/p&gt;

&lt;p&gt;Waiting for downloads.&lt;/p&gt;

&lt;p&gt;The modern knowledge worker spends enormous portions of the day inside these tiny dead spaces. Five minutes here. Three minutes there. Twenty seconds while something compiles. A minute while a page loads. They look insignificant individually. Together they consume hours every week.&lt;/p&gt;

&lt;p&gt;Those empty moments usually get filled with context switching. Social media. Email. Chat messages. News headlines.&lt;/p&gt;

&lt;p&gt;Every interruption fractures momentum.&lt;/p&gt;

&lt;p&gt;AI agents are unusually good at living inside those gaps. They continue gathering information while humans drift into other conversations. They continue testing while someone attends meetings. They continue documenting while people commute home.&lt;/p&gt;

&lt;p&gt;Human attention remains expensive.&lt;/p&gt;

&lt;p&gt;Machine attention has become surprisingly cheap.&lt;/p&gt;

&lt;h3&gt;
  
  
  Workflows age faster than software
&lt;/h3&gt;

&lt;p&gt;Many organizations proudly announce they use artificial intelligence.&lt;/p&gt;

&lt;p&gt;Ask how.&lt;/p&gt;

&lt;p&gt;The answer often sounds suspiciously similar to how they worked five years ago.&lt;/p&gt;

&lt;p&gt;Someone opens ChatGPT.&lt;/p&gt;

&lt;p&gt;Someone pastes text.&lt;/p&gt;

&lt;p&gt;Someone copies the response.&lt;/p&gt;

&lt;p&gt;Someone manually formats it.&lt;/p&gt;

&lt;p&gt;Someone emails the result.&lt;/p&gt;

&lt;p&gt;Nothing fundamental changed.&lt;/p&gt;

&lt;p&gt;The interface changed.&lt;/p&gt;

&lt;p&gt;The architecture did not.&lt;/p&gt;

&lt;p&gt;History has seen this pattern before. Early automobiles were sometimes designed to resemble horse carriages because people had not yet realized the carriage itself was part of the limitation. Early websites copied brochures. Early streaming services copied television schedules.&lt;/p&gt;

&lt;p&gt;New technology often spends years pretending to be old technology.&lt;/p&gt;

&lt;p&gt;Agentic workflows finally stop pretending.&lt;/p&gt;

&lt;p&gt;Instead of replacing one employee, they replace entire chains of repetitive coordination.&lt;/p&gt;

&lt;h3&gt;
  
  
  Reliability beats brilliance
&lt;/h3&gt;

&lt;p&gt;People love dramatic demonstrations.&lt;/p&gt;

&lt;p&gt;A model solving advanced mathematics.&lt;/p&gt;

&lt;p&gt;An AI generating beautiful code.&lt;/p&gt;

&lt;p&gt;An autonomous system completing an impressive benchmark.&lt;/p&gt;

&lt;p&gt;Those moments are entertaining.&lt;/p&gt;

&lt;p&gt;Businesses usually care about something less glamorous.&lt;/p&gt;

&lt;p&gt;Reliability.&lt;/p&gt;

&lt;p&gt;Can the workflow run every day?&lt;/p&gt;

&lt;p&gt;Can it recover from failure?&lt;/p&gt;

&lt;p&gt;Can it retry intelligently?&lt;/p&gt;

&lt;p&gt;Can it document everything it touched?&lt;/p&gt;

&lt;p&gt;Can someone audit its decisions next month?&lt;/p&gt;

&lt;p&gt;An agent that completes ninety-eight percent of mundane work every day is worth more than one capable of spectacular reasoning that only succeeds half the time.&lt;/p&gt;

&lt;p&gt;Industrial automation succeeded because it became boring.&lt;/p&gt;

&lt;p&gt;Artificial intelligence is beginning the same transformation.&lt;/p&gt;

&lt;h3&gt;
  
  
  The new competitive advantage is orchestration
&lt;/h3&gt;

&lt;p&gt;Imagine two developers.&lt;/p&gt;

&lt;p&gt;Both have access to identical language models.&lt;/p&gt;

&lt;p&gt;Both understand software engineering.&lt;/p&gt;

&lt;p&gt;Both write clean code.&lt;/p&gt;

&lt;p&gt;One spends eight hours manually asking for assistance.&lt;/p&gt;

&lt;p&gt;The other spends a single afternoon building an automated pipeline that reviews pull requests, monitors repositories, summarizes issues, drafts documentation, checks dependencies, opens tickets, and alerts only when human judgment is actually required.&lt;/p&gt;

&lt;p&gt;By Friday, one person completed roughly forty hours of work.&lt;/p&gt;

&lt;p&gt;The other quietly accumulated hundreds.&lt;/p&gt;

&lt;p&gt;Not because they typed faster.&lt;/p&gt;

&lt;p&gt;Because they built leverage.&lt;/p&gt;

&lt;p&gt;That is becoming the defining skill of this decade.&lt;/p&gt;

&lt;p&gt;Not prompting.&lt;/p&gt;

&lt;p&gt;Orchestrating.&lt;/p&gt;

&lt;h3&gt;
  
  
  People still confuse automation with replacement
&lt;/h3&gt;

&lt;p&gt;This conversation usually collapses into fear.&lt;/p&gt;

&lt;p&gt;Will AI replace jobs?&lt;/p&gt;

&lt;p&gt;Sometimes.&lt;/p&gt;

&lt;p&gt;Often it replaces something less obvious.&lt;/p&gt;

&lt;p&gt;The exhausting parts of jobs.&lt;/p&gt;

&lt;p&gt;Nobody becomes a software engineer because they enjoy renaming files.&lt;/p&gt;

&lt;p&gt;Nobody becomes a security analyst because they enjoy copying IP addresses into spreadsheets.&lt;/p&gt;

&lt;p&gt;Nobody becomes a writer because formatting citations feels spiritually fulfilling.&lt;/p&gt;

&lt;p&gt;Removing repetitive coordination creates room for work that actually benefits from human judgment.&lt;/p&gt;

&lt;p&gt;Ironically, this often makes skilled professionals more valuable, not less.&lt;/p&gt;

&lt;p&gt;Their expertise gets multiplied instead of diluted.&lt;/p&gt;

&lt;h3&gt;
  
  
  The internet is becoming machine readable first
&lt;/h3&gt;

&lt;p&gt;Look closely at how websites are changing.&lt;/p&gt;

&lt;p&gt;Structured APIs.&lt;/p&gt;

&lt;p&gt;Semantic metadata.&lt;/p&gt;

&lt;p&gt;Machine-friendly documentation.&lt;/p&gt;

&lt;p&gt;Search indexes optimized for language models.&lt;/p&gt;

&lt;p&gt;Automated customer support.&lt;/p&gt;

&lt;p&gt;Everything increasingly assumes another machine will read it before a human ever does.&lt;/p&gt;

&lt;p&gt;Businesses have started optimizing for automated consumption because automated systems have become their largest audience.&lt;/p&gt;

&lt;p&gt;Your workflow needs to evolve alongside that reality.&lt;/p&gt;

&lt;p&gt;Humans reading websites one page at a time is beginning to resemble manually calculating taxes with pencil and paper. It still works.&lt;/p&gt;

&lt;p&gt;It simply no longer scales.&lt;/p&gt;

&lt;h3&gt;
  
  
  Speed is no longer measured in clicks
&lt;/h3&gt;

&lt;p&gt;Older productivity advice revolved around shortcuts.&lt;/p&gt;

&lt;p&gt;Keyboard hotkeys.&lt;/p&gt;

&lt;p&gt;Better monitors.&lt;/p&gt;

&lt;p&gt;Faster typing.&lt;/p&gt;

&lt;p&gt;Dual displays.&lt;/p&gt;

&lt;p&gt;Those improvements still matter.&lt;/p&gt;

&lt;p&gt;They also operate inside a fundamentally human pace.&lt;/p&gt;

&lt;p&gt;Agentic systems introduce an entirely different metric.&lt;/p&gt;

&lt;p&gt;Parallelism.&lt;/p&gt;

&lt;p&gt;One agent researches competitors.&lt;/p&gt;

&lt;p&gt;Another monitors infrastructure.&lt;/p&gt;

&lt;p&gt;A third drafts technical documentation.&lt;/p&gt;

&lt;p&gt;A fourth reviews pull requests.&lt;/p&gt;

&lt;p&gt;A fifth watches regulatory updates.&lt;/p&gt;

&lt;p&gt;None of them become distracted because someone sent a meme in the team chat.&lt;/p&gt;

&lt;p&gt;The bottleneck shifts away from execution.&lt;/p&gt;

&lt;p&gt;It lands squarely on decision making.&lt;/p&gt;

&lt;p&gt;That is exactly where humans should be.&lt;/p&gt;

&lt;h3&gt;
  
  
  The operators pulling ahead are strangely quiet
&lt;/h3&gt;

&lt;p&gt;If you spend enough time around startups, independent researchers, or experienced security professionals, a pattern begins appearing.&lt;/p&gt;

&lt;p&gt;The people making unusual progress rarely look frantic.&lt;/p&gt;

&lt;p&gt;Their inboxes are calmer.&lt;/p&gt;

&lt;p&gt;Their documentation stays updated.&lt;/p&gt;

&lt;p&gt;Their monitoring never stops.&lt;/p&gt;

&lt;p&gt;Their projects continue advancing during weekends because carefully designed workflows keep collecting information in the background.&lt;/p&gt;

&lt;p&gt;From the outside it looks effortless.&lt;/p&gt;

&lt;p&gt;It isn’t.&lt;/p&gt;

&lt;p&gt;The effort moved earlier.&lt;/p&gt;

&lt;p&gt;Instead of repeating tasks forever, they spent days designing systems that would repeat them correctly.&lt;/p&gt;

&lt;p&gt;That investment compounds.&lt;/p&gt;

&lt;h3&gt;
  
  
  Building leverage instead of collecting tools
&lt;/h3&gt;

&lt;p&gt;The internet loves new software.&lt;/p&gt;

&lt;p&gt;Every week another AI product appears with polished screenshots and dramatic promises. Some disappear within months. Others become genuine infrastructure.&lt;/p&gt;

&lt;p&gt;The temptation is to collect them all.&lt;/p&gt;

&lt;p&gt;The smarter approach is different.&lt;/p&gt;

&lt;p&gt;Ask a simple question.&lt;/p&gt;

&lt;p&gt;“What repetitive decision in my life deserves its own permanent workflow?”&lt;/p&gt;

&lt;p&gt;That answer might involve security monitoring.&lt;/p&gt;

&lt;p&gt;Content publishing.&lt;/p&gt;

&lt;p&gt;OSINT collection.&lt;/p&gt;

&lt;p&gt;Bug bounty reconnaissance.&lt;/p&gt;

&lt;p&gt;Customer support.&lt;/p&gt;

&lt;p&gt;Research.&lt;/p&gt;

&lt;p&gt;Development.&lt;/p&gt;

&lt;p&gt;Whatever it is, the value rarely comes from adding another application.&lt;/p&gt;

&lt;p&gt;It comes from removing yourself from repetitive coordination.&lt;/p&gt;

&lt;p&gt;Technology has always rewarded leverage over effort.&lt;/p&gt;

&lt;p&gt;Artificial intelligence simply accelerates the difference.&lt;/p&gt;

&lt;p&gt;By the end of this decade, “working hard” may describe someone trapped inside tasks their competitors quietly automated years earlier.&lt;/p&gt;

&lt;p&gt;The irony is almost uncomfortable.&lt;/p&gt;

&lt;p&gt;For decades we worried machines would become more human.&lt;/p&gt;

&lt;p&gt;Instead, many workplaces accidentally trained humans to behave like machines. Repeat this process. Copy this information. Check this page again tomorrow. Send another reminder. Fill another form.&lt;/p&gt;

&lt;p&gt;AI did not create that problem.&lt;/p&gt;

&lt;p&gt;It merely exposed how much of modern work was mechanical all along.&lt;/p&gt;

&lt;p&gt;The organizations that thrive next will not necessarily own the smartest models. They will build the smartest systems around ordinary models. They will understand that intelligence sitting idle inside a chat window has limited value, while intelligence embedded inside continuous workflows becomes infrastructure.&lt;/p&gt;

&lt;p&gt;Human creativity remains extraordinary.&lt;/p&gt;

&lt;p&gt;Human patience has always been limited.&lt;/p&gt;

&lt;p&gt;Finally, technology is starting to respect that difference instead of pretending it doesn’t.&lt;/p&gt;

</description>
      <category>programming</category>
      <category>productivity</category>
      <category>security</category>
      <category>architecture</category>
    </item>
    <item>
      <title>Total System Dominance: Chaining RFID, Sub-GHz, and Infrared Exploits</title>
      <dc:creator>v. Splicer</dc:creator>
      <pubDate>Fri, 26 Jun 2026 23:27:54 +0000</pubDate>
      <link>https://dev.to/numbpill3d/total-system-dominance-chaining-rfid-sub-ghz-and-infrared-exploits-18f</link>
      <guid>https://dev.to/numbpill3d/total-system-dominance-chaining-rfid-sub-ghz-and-infrared-exploits-18f</guid>
      <description>&lt;p&gt;The amateur hits one vector. The professional chains them all and walks out before the alarm even thinks about ringing.&lt;/p&gt;

&lt;p&gt;Let me tell you something that nobody in the “cybersecurity industry” wants to hear. Most of these people are playing checkers while the real players are three moves ahead on a board they don’t even know exists. They write their little blog posts about “how to clone a garage door” and they think they’ve hacked something. Cute. Really cute. Like watching a toddler try to pick a lock with a butter knife.&lt;/p&gt;

&lt;p&gt;I’ve been in this game for over thirty years. I’ve watched firewalls come and go like seasonal fashion. I’ve seen “unhackable” systems get carved open on a Tuesday afternoon with coffee in one hand and a $50 radio in the other. And the one thing I’ve learned that separates the script kiddies from the ones who actually run the show is this: no single exploit ever wins the war. It’s the chain that breaks the castle.&lt;/p&gt;

&lt;p&gt;RFID. Sub-GHz. Infrared. Three protocols. Three completely different attack surfaces. And when you chain them together, you don’t just open a door. You own the building.&lt;/p&gt;

&lt;h3&gt;
  
  
  The Philosophy of the Chain
&lt;/h3&gt;

&lt;p&gt;Here’s what the corporate security world doesn’t understand. They build systems in silos. The access control team doesn’t talk to the alarm team. The alarm team doesn’t talk to the HVAC vendor. Everyone has their little fiefdom, their little budget, their little “that’s not my department” excuse. And that fragmentation? That’s not a bug in their system. That’s the bug in their thinking.&lt;/p&gt;

&lt;p&gt;When I approach a target, I don’t think in terms of “what’s the weakest link.” I think in terms of “what’s the path of least resistance that connects the most systems.” And that path almost always runs through at least two, sometimes three, completely different protocol layers.&lt;/p&gt;

&lt;p&gt;RFID gets you past the front door. Sub-GHz gets you into the network. Infrared gets you into the devices they forgot even existed.&lt;/p&gt;

&lt;p&gt;That’s not a theoretical framework. That’s a Tuesday.&lt;/p&gt;

&lt;h3&gt;
  
  
  RFID: The Key They Hand You on a Silver Platter
&lt;/h3&gt;

&lt;p&gt;Let’s start with the one everyone knows and nobody respects.&lt;/p&gt;

&lt;p&gt;RFID access cards. The backbone of every office building, every gym, every co-working space that thinks a fob with a blinking LED makes them secure. Here’s the dirty little secret: most of these systems are running on protocols that were designed in an era when “security through obscurity” was considered a legitimate strategy.&lt;/p&gt;

&lt;p&gt;We’re talking 125 kHz low frequency. We’re talking 13.56 MHz high frequency. We’re talking the HID Prox, the EM4100, the MIFARE Classic (yes, still. In 2025. Unbelievable but true). These protocols have been broken so many times that the exploits are practically folklore at this point.&lt;/p&gt;

&lt;p&gt;But here’s where it gets interesting. Most people stop at “I cloned the badge.” And that’s fine if you just want to get into the gym after hours. But if you’re playing the long game, cloning the badge is just step one. Because that badge doesn’t just open a door. It logs an event. It talks to a controller. And that controller is almost always connected to something else.&lt;/p&gt;

&lt;p&gt;I grab the badge with a Flipper Zero in under 10 seconds. I don’t even need to be close for long. The read range on most low frequency systems is generous enough that I can walk past someone in a hallway and have their credential in my pocket before they finish their sentence about the weather.&lt;/p&gt;

&lt;p&gt;But I’m not done. Not even close.&lt;/p&gt;

&lt;h3&gt;
  
  
  Sub-GHz: The Silent Highway
&lt;/h3&gt;

&lt;p&gt;This is where the magic happens. This is where you go from “guy who cloned a badge” to “person who just compromised an entire facility” without anyone noticing.&lt;/p&gt;

&lt;p&gt;Sub-GHz radio. The frequency range that controls everything from garage doors to car key fobs to wireless weather stations to industrial control systems. It’s the wild west of wireless communication. No encryption on most of it. No authentication. Just raw RF signals flying through the air like they’re shouting their secrets to anyone with a receiver.&lt;/p&gt;

&lt;p&gt;Here’s the chain I run most often. I clone the RFID badge. I get into the building. Now I’m inside, and I pull out the Flipper Zero again, but this time I’m on Sub-GHz. I’m scanning for the frequency that the building’s access control system uses to talk to its alarm panel. And you know what? I find it almost every single time. Because the installer was lazy. Because the integrator cut corners. Because nobody ever thought someone would be inside the building listening.&lt;/p&gt;

&lt;p&gt;Once I have that frequency, I capture the rolling code or the fixed code that the alarm system uses. And then I replay it. The alarm doesn’t go off. The security company doesn’t get a call. But I’ve now got the ability to arm and disarm the system at will.&lt;/p&gt;

&lt;p&gt;And this is the part that makes security people lose sleep. The alarm system, the access control, the HVAC, the lighting controls… they’re all talking to each other over Sub-GHz in most commercial installations. It’s not some exotic setup. It’s standard. It’s boring. It’s everywhere.&lt;/p&gt;

&lt;p&gt;I didn’t hack three different systems. I hacked one frequency that connects all three.&lt;/p&gt;

&lt;h3&gt;
  
  
  Infrared: The Forgotten Vector
&lt;/h3&gt;

&lt;p&gt;Now let’s talk about the one that gets completely ignored. Infrared.&lt;/p&gt;

&lt;p&gt;IR is the protocol that controls your TV. Your air conditioner. Your projector. The little sensor on the wall that tells the lights to turn on when you walk into a room. It’s everywhere and nobody thinks about it because it feels “too simple” to be a security risk.&lt;/p&gt;

&lt;p&gt;That’s exactly why it’s so dangerous.&lt;/p&gt;

&lt;p&gt;Here’s a real scenario. I’m in a conference room. There’s a projector controlled by IR. I pull out the Flipper Zero, I capture the IR signal from the remote that’s sitting on the table (I don’t even need to know whose remote it is, I just need it to be pointed at the projector, which it always is), and now I can control the projector. But more importantly, I can also capture the IR signals from the room’s climate control, the blinds, the lighting system.&lt;/p&gt;

&lt;p&gt;And here’s where the chain completes itself. That room’s climate control system? It’s on the same network as the building management system. Which is connected to the same Sub-GHz backbone as the alarm. Which is triggered by the same RFID event I cloned an hour ago.&lt;/p&gt;

&lt;p&gt;I didn’t break in. I walked in. I cloned a badge. I listened to the radio. I copied a remote. And now I control the temperature, the lights, the projector, the alarm, and the door locks. All from a device that fits in my palm and costs less than a nice dinner.&lt;/p&gt;

&lt;h3&gt;
  
  
  Why Nobody Talks About Chaining
&lt;/h3&gt;

&lt;p&gt;The reason this stuff doesn’t get talked about in the mainstream is simple: it doesn’t fit the narrative. The narrative is “buy our product, install our firewall, sleep at night.” The narrative is not “here’s how a single person with $200 worth of gear can own your entire physical security infrastructure in under an hour.”&lt;/p&gt;

&lt;p&gt;The bureaucrats don’t want you to know this because it exposes how cheap and fragmented their “security” actually is. The vendors don’t want you to know this because it makes their 50,000 access control systems look like toys.And the certified professionals don′t want you to know this because it devalues their 300/hour consulting fees.&lt;/p&gt;

&lt;p&gt;But I’m not interested in their feelings. I’m interested in the truth. And the truth is that physical security in 2025 is a joke held together with duct tape and wishful thinking.&lt;/p&gt;

&lt;h3&gt;
  
  
  The Real Skill: Knowing When to Chain
&lt;/h3&gt;

&lt;p&gt;Chaining isn’t just about technical ability. It’s about thinking. It’s about walking into a building and seeing the invisible connections between systems that were never designed to talk to each other but do anyway because some guy in 2011 just wired them to the same controller to save money.&lt;/p&gt;

&lt;p&gt;That’s the skill. Not the tool. The tool is just a Flipper Zero and a brain that refuses to think in silos.&lt;/p&gt;

&lt;p&gt;I’ve seen people spend weeks trying to brute force a network when the HVAC system was broadcasting its credentials over Sub-GHz the entire time. I’ve seen people try to bypass an RFID reader when the infrared sensor next to it would have let them walk right in if they’d just thought to look.&lt;/p&gt;

&lt;p&gt;The best hack isn’t the most complex one. It’s the one where you connect three dumb mistakes that nobody else thought to connect.&lt;/p&gt;

&lt;h3&gt;
  
  
  A Final Word to the People Who Think They’re Safe
&lt;/h3&gt;

&lt;p&gt;You’re not. Your badge can be cloned in seconds. Your alarm frequency can be captured from the parking lot. Your TV remote is broadcasting its codes to anyone with a $50 device. And none of these systems talk to each other in a way that would catch the chain.&lt;/p&gt;

&lt;p&gt;That’s not paranoia. That’s just Tuesday.&lt;/p&gt;

&lt;p&gt;The systems were never designed to defend against someone who thinks laterally. They were designed to defend against someone who thinks like a burglar from 1995. And that’s the gap I live in. That’s the gap I’ve always lived in.&lt;/p&gt;

&lt;p&gt;So the next time you badge into your office and feel safe, just remember: the door you walked through, the alarm that didn’t ring, and the lights that turned on automatically… they’re all just waiting for someone who knows how to chain them together.&lt;/p&gt;

&lt;p&gt;And that someone might already be in the building.&lt;/p&gt;

&lt;p&gt;If this kind of thinking speaks to you, and you want to go deeper than what the official docs will ever show you, I put together a couple of things that might interest you. No fluff. No corporate nonsense. Just the stuff that actually works.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://numbpilled.gumroad.com/l/flipper-zero-black-book-secrets" rel="noopener noreferrer"&gt;The Flipper Zero Black Book 2026: 100+ Tricks &amp;amp; Payloads They Don’t Put in the Docs&lt;/a&gt; &lt;/p&gt;

</description>
      <category>programming</category>
      <category>tutorial</category>
      <category>security</category>
      <category>cybersecurity</category>
    </item>
    <item>
      <title>Sandboxing Reality: How to Spoof iPhone Locations for Advanced Penetration Testing</title>
      <dc:creator>v. Splicer</dc:creator>
      <pubDate>Fri, 26 Jun 2026 23:13:13 +0000</pubDate>
      <link>https://dev.to/numbpill3d/sandboxing-reality-how-to-spoof-iphone-locations-for-advanced-penetration-testing-5dpg</link>
      <guid>https://dev.to/numbpill3d/sandboxing-reality-how-to-spoof-iphone-locations-for-advanced-penetration-testing-5dpg</guid>
      <description>&lt;p&gt;Listen up. If you’re still playing by the rules Apple wrote for you, you aren’t testing security. You’re just clicking buttons and praying the red text doesn’t show up. Real penetration testing isn’t about running a script kiddie tool and calling it a day. It’s about bending the fabric of the digital world until it screams. And right now, one of the easiest ways to make the Matrix glitch is by spoofing GPS coordinates on an iPhone.&lt;/p&gt;

&lt;p&gt;I’ve been doing this since before the App Store existed. I’ve seen firewalls that were supposed to be impenetrable turn into Swiss cheese because someone didn’t verify the geolocation data. So, let’s cut the corporate fluff. Let’s talk about how to spoof iPhone locations for advanced pen testing, why the “official” ways are garbage, and how to do it so deep that even the hardware thinks you’re somewhere you aren’t.&lt;/p&gt;

&lt;h3&gt;
  
  
  The Lie of “Trusted” Location
&lt;/h3&gt;

&lt;p&gt;Here’s the dirty secret the suits don’t want you to know: iOS trusts the location services stack implicitly. When an app asks “Where am I?”, the OS hands over the coordinates. It doesn’t ask for a receipt. It doesn’t check the blockchain. It just gives the number.&lt;/p&gt;

&lt;p&gt;For a pen tester, this is gold. But it’s also a trap. Most tutorials tell you to use Xcode, plug in the cable, and simulate a location. That’s cute. That’s for kids. That’s for people who want to order a pizza from a different zip code so they don’t have to pay delivery fees. If you walk into a client’s office with a developer cable hanging out of your pocket, you’re done. You’re not a hacker; you’re a tech support guy.&lt;/p&gt;

&lt;p&gt;We need something invisible. We need something that survives a reboot. We need to spoof the reality of the device so that the baseband, the Wi-Fi chip, and the GPS receiver all agree on a lie.&lt;/p&gt;

&lt;h3&gt;
  
  
  Method 1: The “Ghost Walk” (Hardware Spoofing)
&lt;/h3&gt;

&lt;p&gt;If you want to be truly edgy, you stop relying on software and start talking to the hardware. The iPhone’s GPS receiver is just a chip. It listens to satellites. But we can feed it garbage.&lt;/p&gt;

&lt;p&gt;There are dongles out there, like the ELRS or generic Chinese clones, that act as a GPS spoofer. You plug it into the Lightning port (or USB-C on the new ones, don’t get me started on that nonsense). You set the coordinates to the target — say, the CEO’s house or the server room entrance — and you walk in.&lt;/p&gt;

&lt;p&gt;To the phone, the satellites are screaming that it’s in the middle of the Atlantic Ocean. To the Wi-Fi, it’s still connected to the office network. To the cell tower, it’s roaming. This triangulation mismatch is what triggers the “advanced” alerts in security software, but if you know what you’re doing, you can mask the Wi-Fi MAC address to match the location’s ISP range.&lt;/p&gt;

&lt;p&gt;It’s messy. It requires you to carry a dongle. But it works when the software solutions fail. It works when they update iOS and break the jailbreak you were relying on. Hardware doesn’t get patched as fast as code.&lt;/p&gt;

&lt;h3&gt;
  
  
  Method 2: The Developer Deception (Xcode on Steroids)
&lt;/h3&gt;

&lt;p&gt;Okay, fine. Maybe you don’t want to carry a dongle. Maybe you want to do this from your laptop while pretending to look busy in a coffee shop.&lt;/p&gt;

&lt;p&gt;You use Xcode. But we aren’t doing the “Simulate Location” thing. We’re going to use frida.&lt;/p&gt;

&lt;p&gt;If you don’t know Frida, you’re playing checkers while I’m playing 5D chess. Frida lets you inject JavaScript into running processes. You can hook into the CLLocationManager and intercept the callbacks before they ever reach the app.&lt;/p&gt;

&lt;p&gt;You write a script. It’s maybe ten lines of code. You hook startUpdatingLocation. When the app asks for the location, your script intercepts it, kills the real GPS data, and injects your fake JSON payload.&lt;/p&gt;

&lt;p&gt;{ "lat": 37.7749, "lng": -122.4194, "accuracy": 5.0 }&lt;/p&gt;

&lt;p&gt;You see that accuracy field? That’s the mark of a pro. Amateurs set accuracy to 0. That’s impossible. No GPS is that perfect. If you set it to 5 meters, the app trusts you. The security logic thinks you’re standing right on the sidewalk.&lt;/p&gt;

&lt;p&gt;But here’s the kicker: you have to bypass the detection. Apps like Pokemon Go or high-security banking apps check for “Mock Locations” in the developer settings. If that switch is on, they ban you or flag you.&lt;/p&gt;

&lt;p&gt;So, we use Frida to hide the switch. We hook the isMockLocation boolean and force it to return false. Now, the app thinks it’s getting real satellite data, but it’s actually getting a JSON object you typed up in a text editor five minutes ago.&lt;/p&gt;

&lt;h3&gt;
  
  
  The Wi-Fi Triangulation Problem
&lt;/h3&gt;

&lt;p&gt;Here is where 90% of you screw up. You spoof the GPS, but you forget the Wi-Fi.&lt;/p&gt;

&lt;p&gt;If your iPhone says it’s in New York, but it’s connected to a Wi-Fi SSID named “CorpNet_FiOS_5G” that only exists in a basement in New Jersey, the security operation center (SOC) is going to know you’re faking it. They have wardriving maps. They know where every router is.&lt;/p&gt;

&lt;p&gt;To spoof location convincingly, you have to spoof the Wi-Fi context.&lt;/p&gt;

&lt;p&gt;When I’m doing a physical pen test, I don’t just change the GPS. I change the MAC address of my Wi-Fi card to match a vendor that operates in the target area. If I’m spoofing a location in London, my Wi-Fi MAC prefix should look like a BT Openreach device, not an Apple Cupertino device.&lt;/p&gt;

&lt;p&gt;You can do this with ipheth or just simple ifconfig commands if you’re jailbroken. If you aren’t jailbroken, you’re limited, but you can still force the phone to forget the network and reconnect to a rogue AP you set up with the right SSID and BSSID.&lt;/p&gt;

&lt;p&gt;This is “Sandboxing Reality.” You are building a bubble around the phone where every piece of data — GPS, Wi-Fi, Cell Tower ID — agrees on a false reality.&lt;/p&gt;

&lt;h3&gt;
  
  
  The Jailbreak Question
&lt;/h3&gt;

&lt;p&gt;Look, I know the purists are cringing. “Just use a jailbreak, you filthy casual.”&lt;/p&gt;

&lt;p&gt;I use jailbreaks. I use rootless jailbreaks. I use palera1n. Why? Because stock iOS is a walled garden designed to keep you in, not to keep hackers out. Apple’s security model is based on the assumption that the user is the enemy. For us, the user is the god.&lt;/p&gt;

&lt;p&gt;When you jailbreak, you get access to amfid (Apple Mobile File Integrity Daemon). You can disable it. This means you can inject dylibs into system apps. You can modify SpringBoard. You can make the status bar lie about the battery, the signal, and the location simultaneously.&lt;/p&gt;

&lt;p&gt;There is a tweak (I won’t name names because the repo maintainers are paranoid) that allows you to set a global spoof. You set it once, and every app sees the fake location. Uber sees it. Tinder sees it. The target’s custom security app sees it.&lt;/p&gt;

&lt;p&gt;It is the ultimate power move. You hand the phone back to the client, and they have no idea that for the last hour, the device has been teleporting around the globe.&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;_(Side note- I am 99% sure jailbreaking, at least on iOS devices, has all but been rendered impossible by some recent firmware updates? Correct me if I’m wrong.)_
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;
&lt;h3&gt;
  
  
  Why Do This?
&lt;/h3&gt;

&lt;p&gt;You might ask, “Why go through all this trouble? Just hack the server.”&lt;/p&gt;

&lt;p&gt;Because the server is boring. The server is patched. The server is behind a WAF.&lt;/p&gt;

&lt;p&gt;The human is the vulnerability. The human checks the “Geo-Fence” dashboard. The human sees the green dot on the map and assumes everything is safe. By spoofing the location, you aren’t just hacking a phone. You are hacking the perception of the security team.&lt;/p&gt;

&lt;p&gt;I once got into a facility by spoofing the location of a maintenance worker’s iPhone. The guard looked at his tablet, saw the worker was “On Site” at the loading dock, and opened the gate. The worker was actually at home sleeping. I was walking in the front door with a badge I printed ten minutes prior.&lt;/p&gt;

&lt;p&gt;That is the power of Sandboxing Reality. You don’t break the lock. You convince the lock that you’re the key.&lt;/p&gt;
&lt;h3&gt;
  
  
  The Ethical Line (Don’t Be an Idiot)
&lt;/h3&gt;

&lt;p&gt;I’m not telling you this so you can track your ex-girlfriend or cheat on a geo-based game. That’s pedestrian. That’s boring.&lt;/p&gt;

&lt;p&gt;I’m telling you this because the world is becoming a surveillance panopticon. Every app wants your location. Every government wants your location. If you can’t control where you are digitally, you don’t own your device. You are a tenant.&lt;/p&gt;

&lt;p&gt;Pen testers need to understand this so they can tell their clients: “Hey, your app trusts GPS blindly? That’s a critical vulnerability.”&lt;/p&gt;

&lt;p&gt;And if you want to get really deep? Start looking at the NMEA data. Spoof the altitude. Spoof the speed. If you’re spoofing a location in a car, your speed needs to be 45 mph. If you’re standing still, your speed is 0. If the GPS says you’re moving at 600 mph, the app knows you’re faking it.&lt;/p&gt;

&lt;p&gt;Details matter. In this game, the devil is in the metadata.&lt;/p&gt;
&lt;h3&gt;
  
  
  The Toolkit
&lt;/h3&gt;

&lt;p&gt;You need a Mac. You need a Lightning cable that actually transfers data (most dollar-store cables are power only, you amateurs). You need Xcode. You need Frida. You need a brain.&lt;/p&gt;

&lt;p&gt;And you need to stop being afraid of breaking things. If you aren’t breaking things, you aren’t learning. I’ve bricked more iPhones than I’ve had hot dinners, and every single brick taught me something about how the secure enclave works.&lt;/p&gt;

&lt;p&gt;The system wants you to be passive. It wants you to consume. Don’t consume. Inject.&lt;/p&gt;
&lt;h3&gt;
  
  
  Closing Thoughts
&lt;/h3&gt;

&lt;p&gt;The future of hacking isn’t in code. It’s in context. It’s in making the system believe a lie so convincing that the truth becomes irrelevant. GPS spoofing is just the beginning. Next, we’ll be spoofing biometrics. We’ll be spoofing voice prints.&lt;/p&gt;

&lt;p&gt;But for today, master the map. Make the dot go where you want it to go. And when the client asks how you bypassed their geo-fencing, just smile and tell them you “optimized the user experience.”&lt;/p&gt;

&lt;p&gt;They’ll never know. And that’s the point.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Stay dangerous. Stay off the grid.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;_    P.S. If you actually want to do this right and not just read about it like a tourist, I wrote the manual on how to do it without turning your phone into a brick. It’s not for the faint of heart, but if you’re reading this, you’re probably past that point._&lt;/p&gt;

&lt;p&gt;&lt;a href="https://numbpilled.gumroad.com/l/iphonespoofers" rel="noopener noreferrer"&gt;Check out How To Fake Your iPhone Location Convincingly&lt;/a&gt;&lt;/p&gt;
&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;And while you’re at it, if you’re walking around sniffing packets, you better know when someone is sniffing you. Don’t be the rookie getting de-authed in the parking lot. Grab the WiFi Ghost: The DeAuth Detector You Flash and Forget.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;

&lt;p&gt;&lt;a href="https://numbpilled.gumroad.com/l/deauth-detector-wifi-hacking" rel="noopener noreferrer"&gt;WiFI Ghost: The DeAuth Detector You Flash and Forget&lt;/a&gt;&lt;/p&gt;

</description>
      <category>programming</category>
      <category>tutorial</category>
      <category>security</category>
      <category>cybersecurity</category>
    </item>
  </channel>
</rss>
