Kick Out the Jams

Welcome to The Bootloader, I'm Tod Kurt.

And I'm Paul Cutler.

The show works like this.

Tod and I have each brought three things to share, and we'll talk about each one for

about five minutes.

For detailed show notes and transcripts, visit thebootloader.net.

Tod, what's your first one for us?

All right, so if you're in the US, there is a private company, well, really a collection

of private companies, with 80,000 cameras displayed across the United States that track

your car and you and sell that information to local police. And a synth

YouTuber named Ben Jordan hacked them to show us how they work. If you're into

synthesizers and watch YouTube like me, you may have heard of Ben Jordan. Around

eight years ago he started doing music gear videos, I'm sorry, music gear reviews,

studio tips, music theory lesson vids. These videos were good, insightful, and

had a bit of legitimacy coming from a professional recording artist. About two

years ago he stopped doing gear reviews because the synth gear industry has

created a fairly toxic environment for these synth tubers, almost amounting to payola. So Ben just

opted out. Nowadays his videos still occasionally feature music production techniques, but he's also

turned his eye towards wider aspects of his world. Issues with AI, free software, hardware hacking,

and most importantly for the last six months he's been working with security researchers and

investigative journalists to look into these cameras and tracking systems made by a company

called Flock.

The first kind of these are cameras called ALPR, automatic license plate recognition

systems.

They blend into the various poles along the side of the road.

The startup Flock, who makes the majority of them and license the data to law enforcement,

claims they increase the number of arrests made and decrease crime.

But as has been reported several times in the last several years, these systems are

rife with OCR errors, because they've got like, you know, they're built in little machine

language things and glitches that lead to arrests of random people having nothing to

do with the crimes in question.

And if you drive in the US, your car has been logged into this system.

Like you don't even have a choice.

Back in August 2025, Ben posted a video that shows how just using a modern gaming GPU,

you can crack the Wi-Fi WPA2 encryption of these cameras.

But also the physical security of these cameras is a joke.

If you have access to one, you can just pull it off the pole really.

you can easily pop out its internal micro SD card

that contains unencrypted video it has recorded.

So yeah, if you're a creep in a neighborhood,

you can get access to all your neighbors, you know,

goings on.

But more concerning is what Ben posted in November, 2025,

with the help of security researchers and journalists

from 404 Media.

There are these newer Flock safety cameras,

that's capital Flock, capital safety.

They were fully open and viewable

from the IoT search engine, Shodan.

By the way, did you know there's a search engine for IoT devices?

You can go to and you can basically find various IoT things that are hooked up to the internet.

These Flock safety cameras are PTZ cameras and they're designed to track people.

They have built-in AI models to recognize and zoom in on people.

They even zoom in enough to see what people are watching on their cell phones.

He was able to just look at this stuff and see people using commercially available facial

recognition software, public databases, and data breaches that's publicly available, he

was able to identify several of these people that he saw, find their addresses, and discover

details about their finances, health, and family relations.

I mean, what the hell?

What's damning is after all these vulnerabilities were reported to Flock, they did nothing.

So Ben went on to one of these publicly available cameras and read the official response from

Flock saying there was no security problem as the creepy AI camera zoomed in on him reading

it.

It's kind of a beautiful example of the hack.

And it wasn't even a hack.

It was just going to a public website, searching and seeing public URLs.

But thanks to his reporting, some police departments sold on Flux promises have been canceling

their contracts.

So change is possible.

I recommend that everyone go bug their city representatives and figure out if they're

using these systems and get them to stop.

From a privacy perspective, these things are bad, that they exist at all.

And from a technical perspective, as a hacker, as an engineer, having them implemented so

poorly is just embarrassing.

So let's get them turned off and put Flock and similar companies out of business.

Links to all this stuff and all the reporting from 404 is in the show notes.

I've been a member of the EFF for about 20 years and they've been covering Flock for

a while.

They've got a number of blog posts just over the last six months about how scary it is.

And it's none of the government's business.

You can't tell me that Flock isn't selling this information sideways to data brokers as well as law enforcement.

And we know that the government, the federal government, buys information from data brokers.

Well, it's no one's business if someone's going to an abortion clinic, for example, or any kind of medical appointment.

And it's pretty easy just using metadata like he did to figure out where people are going and what they're doing

when you start cross-referencing the license plates with the facial recognition.

And it's just scary.

Yeah, I mean, one of the examples he had was just he saw a couple come out of a Home Depot

with a bunch of brand new fancy tools loaded up into their SUV.

And he could then see what the license plate of the SUV is and find out where they lived.

So he could go and get those brand new tools, you know, if he was so inclined.

Man, it's just like, you know, that Flock and the companies that use the Flock data

are correlating all this video and AI detected information with other public

datasets or even private datasets. And so it's just yeah let's let's try to knock

this down a peg and make it not so easy for these people to do this sort of

stuff. Anyway Paul what's your first one for this time? I'm a sucker for a good

mechanical keyboard going back to an old IBM replica I had 25 years ago and I

recently found out that my code keyboard is no longer made as WASD keyboards has

gone out of business. I don't need a new keyboard, but I'm always window shopping

and the Naya Connect caught my eye. The Naya Connect is the second product

launch from Naya who has a Kickstarter campaign for their new modular keyboard

the Naya Connect. They previously launched their split keyboard also on

Kickstarter. The Naya Connect features a low-profile keyboard that's ultra thin

at just under 15 millimeters. But what's innovative about it is that it's modular

allowing users to customize their keyboard layout and functionality. You

including a multi-pad, a 4x4 macro pad that can work as a number pad or anything you program it for,

an extra column of six keys laid out vertically,

four different input modules to let you replace your mouse, including a trackball, touchpad, a dial, and a floating joystick.

And what's really neat about all of these modules is they're made for both right and left-handed users,

with connections for each module on either side.

It also includes Naya Flow, their custom software that allows you to program your keyboard layout and all of the modules.

If you're quick, you can jump on the Kickstarter as it has about a week left from when this episode is being released.

Options start at about $180 and quickly go up from there depending on which modules you choose.

One of the options was over $400, so you're paying for it, but it's still a discount from what they're going to charge from a retail price.

>> Yeah. One of the really cool things I love about this is

their little mouse module,

their input module is one thing that has

a little round space in the middle and then four keys on the bottom.

That round space in the middle can be

a touchpad area or it can be a trackball,

or it can be one of those six-dimensional nubbins

like you use in CAD programs like the Space Mouse.

All those parts can be swapped.

So you can have one sort of input module,

but then you can swap out,

oh, I wanna have a touchpad, I wanna have a trackball.

And it's just really clever.

- Yeah, if you're using FreeCAD,

you might want the space type joystick thing,

I can't even describe it.

And then you want a touchpad for your everyday use.

And like you said, you just swap them in and out.

And you can put them on either side of the keyboard.

- Yeah, yeah, yeah.

- Which I think is great.

- Get one of each and put one on each side.

- Right.

(laughing)

- Yeah, a friend of mine is a real big believer

of the, they've got the Mac Magic Trackpad thing,

which is like a really big trackpad,

and they have that on one side,

and they have just a normal fancy mouse on the other side,

because doing some trackpad-y gestures are really natural,

kind of like pinch and zoom and moving windows around

is really nice with the trackpad.

And so I see them doing no keyboard things

where they're just mouse and trackpad,

and they're really fast.

So I think that's what I would do

if I had to get this keyboard.

- Yeah, I use the Apple trackpad too,

It does make a lot of stuff easier though. There's there's times where I wish I had a mouse for really detailed use

But I could go either way

Totally. What's your next one for us?

Okay, so very exciting news the ESP 32 finally supports 5 gigahertz Wi-Fi. Yay

Everybody get your streamers

So if you don't know ESP 32 chips and the dev boards that have them are pretty much the best way to do Wi-Fi with

microcontrollers in my opinion. They're fast, they have lots of memory, they have

a rich built-in set of peripherals for driving things like displays, doing audio

I/O, you know buttons, all that kind of stuff. And you can program them either

using the vendors supplied ESP-IDF SDK, or you can use Arduino or MicroPython,

CircuitPython, you can even use the really modern languages like Rust and

Swift. But the term ESP32 is pretty misleading. It's not a description of a

chip architecture, it's more like a brand, kind of like saying Ford for a car.

there are multiple chip architectures in the ESP32 family,

with the current more modern one

being the RISC-V based ones.

And it used to be, if you were to say ESP32,

you meant Wi-Fi microcontroller.

But even now that's not true

because they recently announced an ESP32-P4

that doesn't even have Wi-Fi.

It has a ton of GPIO,

it seems really good at driving big displays,

but it's not a Wi-Fi chip.

In fact, their dev board ships with two ESP32s on it,

this new P4 chip and then like a ESP32-C6 or something little Wi-Fi coprocessor, kind of like

what Adafruit does with their AirLeft boards. The problem with all these different variations

of the ESP32 Wi-Fi chips though is they've all been 2.4 gigahertz Wi-Fi. Even the most recently

announced ESP32-C6 chip that boasts Wi-Fi 6 support is still only on 2.4 gigahertz.

This 2.4 gigahertz spectrum is the original one that the Wi-Fi was on. It's what like the old

cordless cell phones are on, it's what Bluetooth is on, it's what your microwave

oven is on, and it's still pretty good for Wi-Fi for longer distance stuff, but

if you want higher data rates, then 5 gigahertz is pretty much the norm

that everyone uses in their home and office setups. And it's to the point

where a lot of Wi-Fi access points will encourage you to turn off the 2.4

gigahertz side of things. So some people have gotten home with their little

ESP32 dev board trying to get on their local Wi-Fi, and they've not been able to

because they've had their 2.4 gigahertz side of things turned off. But now there's the ESP32-C5

chip. It's a dual band Wi-Fi 6 ESP32 that does both 2.4 gigahertz and 5 gigahertz.

And while both Espressif, who makes the ESP32, and Waveshare have had these larger dev boards,

the sort of big for like testing out stuff, that use the ESP32-C5, just recently, like two weeks

ago, Seed started selling a Xiao board with the ESP32-C5. This is great if you already have a

Wi-Fi project using a CutiePie or a Xiao, you might be able to just pop it out and swap in this new

ESP32-C5 Xiao to get your project on 5 gigahertz Wi-Fi. And the other cool thing is that the ESP32-C5

also supports Matter and Thread protocols, so I suspect you will be seeing this chip in this Xiao

board and maybe Adafruit will make a cutie pie version of it.

We'll be seeing those in a lot of home automation projects in the future.

Links to the C Studio blog post about this in the show notes.

And I can't wait to get one.

They're currently sold out because I didn't get there fast enough.

Do you know if the C5 you can choose which band to use in software?

I think so.

One of the really cool things about the ESP-IDF, which is the SDK that Espressif uses, that

Specifics is written for their their chips is they cover all the chips

You just want to use one API, but they'll have different flags to specify things

I'm pretty sure I saw in the ESPN it thing

There's this way to specify what what band you want to be on

I do know you can tell what band you're on when you after you've connected. So there's that at least I

Was one of those users that when I first got into microcontrollers four or five years ago

I had 2.4 gigahertz turned off and it took me probably a week to figure out why I couldn't get this thing on a network

Drove me crazy. So I

Bet I'm not the only one out there. Yeah. Yeah. No, it's it's a harder. It's a harder problem

So I'm glad I'm glad that that hurdle has been overcome at least a little bit. All right Paul. So what's your what's your second one?

It's no secret that we're fans of CircuitPython and Adafruit products on the show

So let's take a moment and celebrate the Adafruit fruit jam

The Fruit Jam was first released at the end of July in 2025 and then went out to thousands of Adabox subscribers last November.

If you haven't heard of the Fruit Jam, it's Adafruit's take on building a mini-computer using the RP2350B microcontroller.

With all the extra GPIO in the RP2350B, Adafruit was able to add DVI out using an HDMI port,

Two USB ports for USB hosts to hook up gamepads, mice, and keyboards.

A microSD card slot.

And a Stemma QT port to add additional sensors.

All in a size that's barely bigger than a credit card.

This literally turned it into a microcomputer.

Not only is the product innovative, I'm blown away by the community's response

and all the cool software that is available to run on the Fruit Jam.

First up is Fruit Jam OS.

Once you have CircuitPython 10 installed on your Fruit Jam,

you can install the OS like you would any other CircuitPython program.

It includes a few games like Breakout, Minesweeper, and a Flappy Bird clone, an IRC client of

all things, utility apps like PyPaint, a text editor, and LarsIO Paint, which you can use

to create MIDI music, and a couple screensavers like the Flying Toaster and the Matrix, and

more.

Sean Carolan wrote a Pac-Man clone originally for the SeedWIO terminal, and Cooper Delrimple

ported it to work on the Fruit Jam and Fruit Jam OS.

I never would have thought you could write Pac-Man

in just CircuitPython, but that's what Sean did.

- Yeah, it's really good too. (laughs)

- I'll be having Sean on a future episode

of the CircuitPython show just to talk about Pac-Man.

Speaking of Cooper,

who is a CircuitPython community member,

he's been doing a ton of stuff with the Fruit Jam

and doing it behind the scenes.

He was one of the first to create a game for it

with Fruitress, a Tetris clone.

He's also worked on game pad support,

a Fruit Jam store, and more things that I can list.

Back in December, my last guest on the CircuitPython show

was Dan Cogliano.

Dan ported the Z Machine, the engine that runs Zork,

to the Fruit Jam so he can play Zork 1-3

or other Z Machine games.

He also has made a Moon Miner game,

and he's working on a maze game

that you'll be able to play on it as well.

But where the Fruit Jam really shines is as an emulator.

So many of the early computers have been ported

work with the Fruit Jam. Mac emulator? Check. It can run System 2.0 through System 7.5.5.

Apple II emulator? Check. Intel 286? Check. But my favorite emulator is the RetroJam by

Frank Hoedemakers. It's written in C using the Pico SDK and can emulate most 8-bit gaming

system from the 80s, as well as my favorite 16-bit system, the Sega Genesis/Mega Drive.

Emulators include the Nintendo Entertainment System, the Sega Game Gear, and Master System,

and the Nintendo Game Boy and Game Boy Color.

It works with both a gamepad or a keyboard, which is wild.

I would have never thought you could use a keyboard to play some of these old 8-bit games.

It also includes the ability to save your games with some of the emulators.

The Fruit Jam is only $40 and is available directly from Adafruit, though it's out of

stock at the time of this recording.

For $40, it really packs a punch.

Yeah, and if you if you want to play this play this kind of stuff right now

And you don't have you can't get a free gem

you can cobble together like most of the functionality of a fruit jam by using a

RP 2350 feather and the TLB 320 DAC and and the RP 2350

HST to DVI

Connector like like you can basically like before before the food free gem existed

We were all trying to get this stuff to work by using these like like five or six parts

And it's like they're actually pretty cheap to get it all assembled. So if you want to do it right now you can still

Also

for other cool or I mean like most of or many of the

things you listed are on the adafruit - playground comm site and

There's a lot of other really cool

Projects that are for there for fruit jam on there

If you just search for fruit jam, like one of the ones that I I've seen that I really liked is Sam Blaney

He's made a couple of MIDI projects that use like you plug in a USB MIDI device into the fruit jam

And you can like use it to do stuff

but also he's created some like

video test patterns and sort of video screensaver type things to help you sort of like

Learn how the fruit jam does video and I found those very very useful. Yeah, both Sam and Cooper

I've really knocked it out of the park with with all their community driven programs that they've written for the fruit jam

Totally. What's your next one for us?

All right, neural networks in CircuitPython with native code.

A few weeks ago, I came across a really interesting blog post by Ashish Patel on

how to embed native code versions of trained TensorFlow or

PyTorch models in a CircuitPython.

So if you're interested in machine learning or

embedding native code in a CircuitPython, this is a really useful read.

TensorFlow and PyTorch are both Python-based machine learning tools for

building neural networks and other learning models.

Normally, these run on real computers, but

we've seen TensorFlow models being run on embedded dev

boards for several years now.

In fact, Adafruit made an Edge Badge version

of their PyGamer board that could do TensorFlow-based voice

recognition using TensorFlow Lite in Arduino.

These models are trained on a large, fast computer.

And then the resulting models exist

as a blob of generated code with essentially a single function

that takes an input and returns a result.

This code is small enough to run on microcontrollers.

And there are several mechanisms for sticking them

into your Arduino code or Rust code or Python code

or whatever, but getting them into CircuitPython

has been tricky.

You can run a pure Python version of your model,

and Ashish shows you how to do this,

but that runs pretty slowly as you might expect.

But Ashish's blog post gives a step-by-step process

starting with the training of the model

and converting the result into C

using this tool called onnx2c.exe, whatever.

Onnx is the Open Neural Network Exchange,

something I didn't know about.

It's a standard way of representing machine learning models.

Once you run this tool, you have a resulting C code

that's just a bunch of tensor vectors

and no CircuitPython-specific code in it.

So the next step is to show how you can embed that C code

in a CircuitPython.

And he does it in a way

that's pretty clean and understandable.

There's several little niggly details you need to do

to make the CircuitPython source tree see your code

to add your new native code that you're putting in there.

It's more frustrating than just sticking your code

in your board's definition directory,

which is kind of what I would hope.

But it shows exactly how all they need to do.

So even if you're not interested in machine learning,

but are interested in adding native code to CircuitPython,

this post is pretty useful.

It goes into much more detail than a gist I put up a couple years ago.

And I think it's actually more up to date because the way that CircuitPython is compiled

kind of evolves over time.

And so what I wrote in 2022 in a gist is probably out of date now.

But yeah, thank you Ashish for that blog post.

Super handy.

My partner is the smart one in the house.

She's getting her doctorate in machine learning.

So I read Ashish's article and most of it went over my head, but she would probably

understand it.

But I need to reach out to Ashish because he needs to be on the CircuitPython show.

What he's done is pretty cool.

And the instructions do make sense because he does take you through it step by step.

Yeah.

Yeah.

And it's so nicely embeddable, these little models, because they are literally just a

single C function that takes one input and returns one output.

So it's really handy, really useful.

All right, Paul, what's your final one for this time?

I've been following on social media Washington State's proposed bill that basically adds

DRM to all 3D printers so they can't print ghost guns.

On January 25th Adafruit published a must-read blog post that has all the details and more.

Washington State Representative Osman Salahuddin has proposed two bills.

HB 2320 adds criminal liability around digital firearm manufacturing code and classifies

the machines that make these parts as part of the firearms law.

HB 2321 requires any 3D printer sold or transferred in Washington after July 1, 2027 to include

mandatory DRM that has blocking features that can detect a firearm's blueprint.

As Adafruit wrote and shared, printers would have to examine every file, compare it against

a centrally maintained list of prohibited designs, reject flag jobs, and be engineered

to resist bypass by users with significant technical skill.

Which is pretty much everyone who owns a 3D printer.

While I'm all for gun control, this is just crazy.

You can't outlaw the tools to create something just because it creates something you don't

like.

What's next?

Outlawing drill presses and milling tools as well?

Exactly.

You can't tell me that people won't find a way around this.

When it comes to DRM, they always do.

What's stopping someone from adding a Raspberry Pi or a custom microcontroller and flashing

Clipper on it, which is done all the time in the 3D printing community?

DRM never works and this is a terrible idea.

If you live in Washington state, reach out to your elected representatives and tell them

that this is a terrible idea.

This is definitely something to keep an eye on because if one state is thinking about

it, I bet others will be too.

The language as it's proposed is way too broad, and I'll leave you with this quote

from the Adafruit blog post.

None of these controls stop determined actors.

What they do is burden lawful users, destroy open source innovation, and force proprietary

stacks and cloud services, not safety.

Yeah, it's so dumb.

This sort of stuff seems to pop up every couple of years.

And it seems like every time I see the video of the little desktop mill, not even a CNC

mill, just a manual mill of like someone who can create a gun in a couple of hours just

out of bar stock.

And it's like, it's not the tools, man.

Right.

We just don't need more DRM in the world.

Yeah, yeah, no doubt.

Well, that's our show.

Before we go, I'd like to take a moment.

I live in the outer suburbs of Minneapolis, which is currently occupied by ice.

If you're looking for ideas on how you can help support those on the ground, please visit

StandWithMinnesota.com.

Thanks for listening, and until next time, stay positive.

(bright music)