Lowyat.NET: Latest topics by Moogle Stiltzkin

[Sponsored] RK-S98 Mechanical Keyboard review

Moogle Stiltzkin — Fri, 22 May 2026 18:59:36 +0800

QUOTE

Save ~RM65+ instantly! Use Exclusive Malaysia only Code:

at checkout (Cheaper than Shopee!). Click here to go shop now

For global users (not from malaysia) there is only a 5 USD discount code

CODE

rkmooglestiltzkin5

Mini guide how to use the store (with picture guides), Click here

Review Changelog revisions

» Click to show Spoiler - click again to hide... «

QUOTE

Key Specifications

Form Factor: 96% layout with 98 keys (compact layout that retains the full number pad).

Connectivity: Tri-mode connection supporting Bluetooth 5.0 (pair up to 3 devices), a stable 2.4GHz wireless dongle, and USB Type-C wired mode.

Smart Display & Knob: Features a built-in TFT smart screen to monitor battery life, connection modes, OS settings, and custom animations/GIFs. The adjacent metal knob controls system volume, lighting modes, and screen menu selections.

Acoustics & Mount: Built with a flexible, cushioned flex-cut gasket design and filled with a multi-layer sound-absorbing system (including a PET insulation sheet and IXPE switch pad). Paired with pre-lubed Chartreuse linear switches, this configuration provides soft, cushioned bottom-out feedback and a deep, muted, and creamy sound profile.

Switches & PCB: 5-pin hot-swappable, south-facing RGB PCB to accommodate any enthusiast switch without keycap interference. Shipped with factory-lubed custom options like the Linear Chartreuse/Viridian/Cream or Tactile Pale Green/Beige switches.

Battery Capacity: Massive 3750 mAh battery, delivering up to 200 hours of continuous wireless use with the RGB backlights deactivated.

Keycaps: Durable, oil-resistant OEM-profile double-shot PBT keycaps featuring clean side-(laser etched) secondary legends.

Extra Features: 1 built-in USB 2.0 pass-through hub port (for mice/flash drives), 2-stage adjustable typing angle feet, and dedicated desktop software for macro and GIF mapping.

Video demo

Apex legends demo using the RK-S98 mkb
[YOUTUBE]oATnZ-q9iz4[/YOUTUBE]

The idea for the video demo is a live demonstration to show how i use this RK-S98 mkb while playing apex legend. No i didn't win in the video The video was my first time actually using it, and i'm still warming up, so plz cut me a break

This is a part 2 because i forgot to setup my blue yeti mic so you can HEAR the sound of the typing, whether you like it or not.

[YOUTUBE]knwPnxRc4Jc[/YOUTUBE]

Sound & switch type

Personally i liked it. It's not that annoying clicky type writer sound. Refer to the part 2 youtube demo which has the sound so you can judge for yourself. I've used many mkb and i can tell you it sounds pleasant.

Keep in mind these switches in the review i am doing are RK Chartreuse switches aka linear as in you press them all the way down without much resistant or any tactile bumps.

The Chartreuse sounds creamy. For a comparison refer to this
[YOUTUBE]fLGY5ti_aqA[/YOUTUBE]

For another RK linear, if you are wondering what the Cream switch sounds like compared to Chartreuse, refer to this
[YOUTUBE]Q15ot6soPFU[/YOUTUBE]

The RK Chartreuse switches found in keyboards like the RK S98 are modern, factory-lubed linear switches that provide a significantly smoother, more responsive typing experience compared to classic, unlubed Cherry MX Reds. While both are linear switches with a light 45g operating force, they differ significantly in key travel, smoothness, and sound profile.

Key Differences Explained

Smoothness: RK Chartreuse switches come pre-lubed from the factory. This eliminates plastic-on-plastic friction, giving them a buttery smooth glide. Stock Cherry MX Reds are unlubed and notorious for feeling slightly "scratchy" when pressed slowly.

Bottom-Out Feel: The Chartreuse features a shorter total travel distance (3.4mm vs. Cherry's 4.0mm). You bottom out faster, resulting in a sturdier, snappier feedback loop that feels crisp under the fingers.

Sound Profile: When typed on, the combination of the pre-lubed Chartreuse switch's smooth linear stem and the S98's flexible gasket-mount architecture produces a distinctly deep, muted, and creamy sound profile. In contrast, unlubed Cherry MX Reds sound much scratchier, louder, and distinctly clackier, lacking the refined acoustic depth and dampening of this modern setup.

Typing Stability: The stem stability on the Chartreuse is much tighter and less wobbly than standard Cherry switches, providing a more stable, premium typing feel right out of the box.

The Verdict

Choose RK Chartreuse if you want a modern, pre-lubed switch that delivers a snappy bottom-out and a distinctly deep, muted, and creamy sound profile. Stick with Cherry MX Reds only if you strictly prefer traditional, full 4.0mm deep travel distance or plan on manually lubing your own switches.

For RK Chartreuse, who is this for? gamers or office work is fine. Not to say you can't use for other things, but this aligns well for this purpose.

Do they have other switch options? Yes, for this RK-S98 they have Chartreuse, Cream, Blue, Beige, Brown. Their version of the red would be the Chartreuse or cream if you are looking for linear switches (where you prefer bottoming/pressing all the way down without least resistance and no tactile bumps). The main difference between the RK Cream and RK Chartreuse switches comes down to color design, travel distances, and subtle variations in sound. Functionally, both are smooth linear switches that skip the tactile bump entirely, and both come heavily factory-lubed from Royal Kludge to give you a smooth typing feel. However, their hardware blueprints differ slightly.

However if instead you prefer tactile, the choices are brown or beige. Beige is suppose to be rk's modernized version of a tactile switch so i would recommend trying those out since it's supposed to be an improvement over the browns. Distinctive difference is the bump happens earlier, compared to brown that happens on mid way point.

modding

Modding Capabilities

Hot-Swappable PCB: Swapping switches requires zero soldering. Fits any 3-pin or 5-pin mechanical switches.

Keycap Swapping: Uses standard cross-stem keycaps. Fits Cherry, OEM, MOA, or XDA profiles easily.

Great Tape Canvas: Applying painter's tape to the PCB creates a deeper, "marbly" sound profile.

Pre-Layered Dampening: Comes packed with internal foam layers. Easy to swap for silicone or heavy Poron.

Mod-Friendly Stabilizers: Plate-mounted stabilizer design allows quick removal for cleaning, lubing, or wire tuning.

Downsides & Risks

Fragile Screen Cables: Opening the case risks ripping delicate ribbon cables connected to the TFT screen.

Tough Plastic Clips: The case uses tight plastic clips instead of screws. Opening it requires forcing pry tools.

Strict Battery Safety: The 3,750 mAh battery is glued inside. Careless prying can puncture it and cause fire.

Tight Case Clearance: Heavy internal mods (like thick foam) can warp the PCB or crush the screen connectors.

Voided Warranty: Opening the case or modifying internal hardware immediately cancels your manufacturer warranty.

color themes

they have a few color themes for this mkb. the one i reviewed is phantom. they got others like blackberry mousse, pink gradient, light cloud. Pick your poison, but personally, i think phantom is the best i've ever seen for a mkb. that's my recommendation.

Added the picture of the pink gradient as well. These seems to be blanks on top, and put the legends on the bottom sides. This style is very subjective, so keep that in mind. The phantom i am using is the standard legend on the top AND also on sides which is more to my preference.

Keycaps

double shot. Meaning the contrast of the print on the keycaps is excellent, and because they are double shot, they won't wear out from the day you bought it. And in this phantom you got the different color double shots

it's also pbt, meaning it won't shine (with that oily look) from using it after a long time. Meaning it will age well even with heavy use over time.

also notice that the keycaps some have a side-printed legends on the bottom side facing you? basically it can do 2 things for the keycaps. to use the function of the side printed legend, hold the Fn (Function) key first, then tap the corresponding key. It's a smart design because it reduces the amount of keycaps needed by making keycaps that have 2 functions that can be used with the fn.

One thing to note however, in a darkroom, even with continuous lighting effect, you can barely see the side south facing legends. they are (laser etched), so there is no window for lighting to go through. If you need them and use often, i suggest keeping a well lit environment. Most people won't be using those keys often to begin with.

micro oled augmented glasses?

Moogle Stiltzkin — Mon, 18 May 2026 06:27:07 +0800

[YOUTUBE]5SRUYUozAEM[/YOUTUBE]

https://www.lowyat.net/2026/392816/asus-glo...-r1-ar-glasses/

any opinions of this? gimmick? or actually good? they said it's micro oled in glasses with an augmented screen.

Would you buy this over a proper gaming oled monitor?

as someone who watch anime like ghost in the shell among others, i do see augmented tech to be the future, but is that moment now?? (in the sense people will ditch their standard gaming monitor for glasses?) probably not.

Dolby Says AV1 NOT FREE so Netflix Amazon Google

Moogle Stiltzkin — Tue, 21 Apr 2026 13:56:21 +0800

Av1 royalty free? nope. not any longer. Dolby just rugged pulled.

[YOUTUBE]eVeF2RWlj7I[/YOUTUBE]

not necessarily dolby's fault in this instance, though they were sneaky about it (it's akin to providing the opportunity for the wolf to enter the hen house to cause mayhem). but why... did aom build av1 their tech on some still infringing (supposedly) ip licensing, and allow dolby to wait till av1 became 30% of content on netflix before they pounced?

and the whole join the av1 club and if there is ip dispute they will all come together with funds to fight off any ip issues. nope, it was a paper tiger, they all split

so what does this mean for the end-consumer. Yeah your netflix fees went up

laptops purchases?
https://www.lowyat.net/2026/383358/asus-and...patent-dispute/

so whats like av1 but royalty free? no idea. but it's not good. the whole idea behind av1 was cr8 something as good as hevc minus the ridiculously expensive royalty fees. well that got botched

[YOUTUBE]6OCOht4LjnQ[/YOUTUBE]

microsoft banned wireguard

Moogle Stiltzkin — Fri, 10 Apr 2026 15:43:43 +0800

[YOUTUBE]fTui3CQuL9I[/YOUTUBE]

if u use windows os, or some vpn that use these vpn protocols, then u r affected

i guess the fallback is openvpn? but still, why wireguard? this is an attack on encryption

no vpn does not make u invisible. because there is fingerprinting that knows what device u use, or what social media ur currently logged into but what it can do, is let you get around geo blocks.

or maybe u need to go into your network over the internet, so you setup a vpn for that purpose. so there is legit uses for vpns, even for businesses.

Axios npm package hacked

Moogle Stiltzkin — Wed, 01 Apr 2026 17:28:23 +0800

[YOUTUBE]AT7x16mqGMc[/YOUTUBE]

QUOTE

In late March and early April 2026, the Axios npm package was the victim of a high-impact supply chain attack, while the npm registry itself was not "hacked" in the traditional sense. Instead, an attacker gained control of a lead maintainer's account to publish malicious versions of the library.

QUOTE

Safe versions: Anything 1.14.0 or lower, or 0.30.3 or lower.

Malicious versions: 1.14.1 or 0.30.4

in my case, i don't have npm container running, but it does auto update image.....

QUOTE

If a Docker image containing the malicious Axios versions (1.14.1 or 0.30.4) was downloaded but never run as a container, you are likely safe from the Remote Access Trojan (RAT) that triggers during the package's execution. However, the presence of the image on your system is a significant risk that must be addressed immediately to prevent accidental activation.

Why You Are Likely Safe (For Now)

Execution-Based Trigger: The 2026 npm hack involving Axios relies on a postinstall script in the plain-crypto-js@4.2.1 dependency. This script only runs when npm install is executed—typically during a docker build or when a container starts if it's configured to install dependencies at runtime.
Dormant Threat: If the image was pulled (downloaded) rather than built locally, and the container was never started, the malicious code remains dormant as a static file in your Docker storage.

Immediate Actions to Take
Even if the container hasn't run, you must sanitize your environment to ensure no one accidentally deploys it.

using truenas

so what i did was, go to truenas shell...

CODE

Grep Search: If you have a long list of images, you can search for a specific ID:

summary

CODE

Find the Container ID:
docker ps -a | grep <IMAGE_ID_OR_NAME>

Remove the Container:
docker rm <CONTAINER_ID>

Now Delete the Image:
docker rmi <IMAGE_ID>

because i use dockge, i just click stop, inactivate. this releases it.

then i can do the

CODE

docker rmi -f <IMAGE_ID>

then

CODE

docker image prune -a

This removes all images that are not currently associated with a running container.

for safest,

Option 3: Nuclear Cleanup (Best for Security)
Since you are dealing with a potential npm hack, it is safer to wipe all stopped containers and unused images at once:

CODE

docker system prune -a

(This will ask for confirmation and then delete all stopped containers and all images not currently running.)

lastly, for my docker compose, since i use watch towerr for auto updates, just add this to stop watch towerr from auto updating npm.

3. Use Environment Variables (Docker Compose)
If you use Docker Compose, add this environment variable to your Watchtower service to stop all automatic updates globally:
yaml

CODE

services:
watchtower:
image: containrrr/watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
- WATCHTOWER_MONITOR_ONLY=true

can remove later once this issues dies down (or not). Or set watchtowerr to not update daily, and defer updates to every 2-3 weeks to avoid a situation like this the next time.

if you are a homelabber and u use npm for your docker container, take action NOW if you haven't already

In my situation, i didn't have the container actively running, so dodged a bullet narrowly. but it did make me rethink the auto update for npm that has been targeted more than once. so either a longer deferred update, or not auto update might be in order

Also this is another reminder, WHY, you need to pay close attention to how you deploy your docker containers. so it's not running as root. so create a docker user, then use that for docker containers for deployment. hopefully that will limit any issues.

[YOUTUBE]RxxYESQ7rW0[/YOUTUBE]

android removing ability to install apk?

Moogle Stiltzkin — Tue, 10 Mar 2026 08:29:27 +0800

[YOUTUBE]Qfo6xdVMFmM[/YOUTUBE]

install apk aka sideload (i call this installing.....) seems like google will be removing the ability to install apks manually if i am not mistaken? watch the youtube.

that is crazy if true. then what is the point of going android if you can't do that? may as well go ios (which was one of the main reasons people went android to begin with).

so why is this bad?

ok, imagine u have a project on github to install an apk. Sounds like you may not be able to use something like obtainium to install an apk from your favourite android app project. cause they are removing the ability to do so

i hope i am misunderstanding, but i dont think i am. watch the youtube.

if u r an android user, you should be very concerned. not all good apps are on googleplay. this is anti competition by forcing people to be locked into googleplay ecosystem.

MY Internet Ads Are Hacking Your Phone Now

Moogle Stiltzkin — Sat, 07 Mar 2026 09:20:40 +0800

[YOUTUBE]lnaZ6bRyTF8[/YOUTUBE]

malvertising was always a thing... where ads load up, and u get malware. they said ads are harmless and needed to keep sites up, but at user expense.

use adblockers. pfsense blocker at router better.

QUOTE

Yes, pfBlockerNG is a powerful tool for network-wide ad blocking on the pfSense firewall. It functions by preventing your devices from connecting to known ad-serving domains and IP addresses.

How it Blocks Ads

DNSBL (DNS Blackhole List): This feature intercepts DNS requests for ad-serving domains. If a device on your network tries to load an ad from a domain on a blocklist, pfBlockerNG prevents the connection.

IP Filtering: It can block entire ranges of IP addresses associated with malicious activity, trackers, or specific geographical regions (GeoIP).

Feeds and Lists: You can subscribe to popular, community-maintained blocklists like EasyList or The Firebog to keep your protections up to date.

Key Limitations

Encrypted Traffic (DoH/DoT): Some modern devices and browsers use DNS over HTTPS (DoH) to bypass local DNS filters. You may need to manually block known DoH servers within pfBlockerNG to ensure its effectiveness.

Same-Domain Ads (YouTube/Hulu): pfBlockerNG struggle to block ads served from the same domain as the content (e.g., YouTube video ads), as blocking the ad would also block the video itself.

Visual Layout: Unlike browser-based extensions (e.g., uBlock Origin), pfBlockerNG cannot "hide" the empty space left behind by a blocked ad; it simply prevents the content from loading.

For the most comprehensive protection, many users combine pfBlockerNG with a browser-based extension for a "layered" approach.

or router where you can use an ad filter list.

also if possible, use ublock origin on firefox for browser.

QUOTE

Yes, uBlock Origin prevents ads from being downloaded to your hard drive.

Unlike "cosmetic" blockers that merely hide an ad once it arrives, uBlock Origin is a network request blocker. It intercepts and cancels the request for an ad before it leaves your browser, meaning the ad data never reaches your network or your computer's storage.

How it Protects Your Storage

Network Request Blocking: When a website tries to fetch an ad, tracker, or malware from a remote server, uBlock Origin identifies that server on its blocklists and "nips the request in the bud". This saves both bandwidth and disk space.

Preventing Local Caching: Because the ad content (images, video files, scripts) is never downloaded, it cannot be stored in your browser's temporary cache files on your hard drive.

Efficiency: It is designed to be lightweight, using less CPU and memory than other blockers while preventing the accumulation of "junk" data from advertising scripts.

Important Distinction

While uBlock Origin stops the ad data from being written to your disk, the extension itself and its filter lists do occupy a small amount of space on your hard drive to function. However, this is negligible compared to the amount of data saved by blocking video ads and heavy tracking scripts over time.

some good filterlists are like Hagezi ultimate. this is more than enough for most things

for ads on youtube on android, you may need to use something like newpipepipe where the ads wont load at all but you can still use youtube.

Motorola's GrapheneOS phones

Moogle Stiltzkin — Wed, 04 Mar 2026 08:52:24 +0800

Introduction

grapheneos is a smartphone os whos goal is for privacy. While still able to use googleplay (sandboxed).

[YOUTUBE]eUEtc6gblK0[/YOUTUBE]

[YOUTUBE]jkhMx9hEsK0[/YOUTUBE]

[YOUTUBE]nnLSWBBQSEU[/YOUTUBE]

because of their strict requirements, so far only the google pixel phones qualified for it. But now that is about to change. Motorola is now partnering with grapheneos to support it.

[YOUTUBE]Y5GrbhB2HHQ[/YOUTUBE]

[YOUTUBE]DD4GcBgSBVs[/YOUTUBE]

https://www.zdnet.com/article/motorola-to-p...on-2027-phones/

this is a game changer. Meaning there is no longer a single point of failure if google decided not to make a new pixel that conformed to what grapheneos required in order to make a privacy oriented smartphone. it's a start.

but already there has been push back from the other side that don't want users to have privacy e.g. france
https://www.theregister.com/2025/11/28/grapheneos_ovhcloud/

user experience using grapheneos
[YOUTUBE]5-V6pkQI_vE[/YOUTUBE]

[YOUTUBE]8w21fewVv0E[/YOUTUBE]

[YOUTUBE]IAoCfrqxIEg[/YOUTUBE]

QUOTE

By default, GrapheneOS removes nearly all of Google’s proprietary AI software to prioritize user privacy and security. While the Pixel hardware itself contains AI-accelerating components (like the Tensor chip’s TPU), the GrapheneOS operating system does not include the high-level AI features found in stock Pixel Android.

AI on GrapheneOS

AI Features (Removed):

The Google Gemini app and its OS integrations are not included.

Generative AI tools such as Pixel Studio or "Magic Editor" are not included.

System assistants such as "Circle to Search," Call Screening, and AI-based battery optimization are not part of GrapheneOS.

Hardware Capabilities (Active):

GrapheneOS supports the hardware-accelerated neural network processing (TPU) built into Pixel devices.

Apps using on-device machine learning for tasks like image processing or offline translation can use this hardware.

Optional AI (User-Installed):

The Google Camera app can be installed via the sandboxed Google Play to regain AI-powered photography features.

Users can install open-source or local AI applications that run on the device's hardware.

https://discuss.grapheneos.org/d/28974-is-t...eneos-or-google

so if you need AI and you liked a particular app, maybe this might not be the OS for you. not sure if you can reinstall it to get it to work or not you'd have to dyor. i don't use the ai as much so not a big deal for me.

other things that may not work, like google wallet and contactless payments. so if you need something like that, then this is not the os for you.

banking apps may or may not work. your millage may vary. depends how strict they are. this is the biggest deal breaker. check first if it works or not, before you commit to getting a grapheneos smartphone

another nice thing grapheneos does is it strips out the meta from the pics you take from your cam. people don't realize for most smartphones, they add a meta data for your geo location where you snapped your pic with the cam. grapheneos by default does not add these geo location tags. there is of course some apps that will remove those tags, but i rather it not take them at all.

even if you don't care for your privacy, it helps with your battery life. but if you reinstall/enable stuff it removed, then your battery consumption will be the same like if you weren't using grapheneos, so keep that in mind.

QUOTE

How GrapheneOS Handles Location Tags

Disabled by Default: In the stock GrapheneOS Camera app, location tagging is turned off by default.

Automatic Stripping: The Camera app is configured to strip all EXIF metadata (including GPS coordinates, timestamps, and device models) from captured images automatically.

Orientation Exception: Only the orientation metadata is preserved so that photos are displayed correctly (e.g., preventing them from appearing sideways).

Screenshots: GrapheneOS also strips sensitive metadata from screenshots, such as the OS build number and timezone, which could otherwise leak "quasi-location" information.

side note: grapheneos does not recommend fdroid. instead they use their own store which is better for security. alternative you can use something called obtainium

[YOUTUBE]oY8mXyE2Myw[/YOUTUBE]

lastly the other important question, how long do you get updates for your smartphone model?

QUOTE

GrapheneOS provides full security updates for Pixel devices as long as Google (the OEM) continues to support them with firmware and driver updates.

Update Lifecycle by Pixel Model

Once a device reaches its "OEM minimum support end," GrapheneOS typically transitions it to a "harm reduction" support phase for a limited time before ending support entirely.

Device Generation ,Support Duration ,Expected End of Full Support

Pixel 8, 9, & 10 series ,7 years from launch ,2030 – 2032

Pixel 6 & 7 series ,5 years from launch ,2026 – 2028

Pixel Fold / Tablet ,5 years from launch ,June 2028

5-7 years for smartphone is good enough. samsung oneui for their s24-s26 was 7-8 years roughly as well? but the fact is, with their new s26u battery 5000 mAh with 1200 cycles, it will probably last 3-4 years before the battery degrades. just saying so 5 years before you upgrade/change your smartphone sounds about right under the current tech we have atm

so who is this for really? basically just users that want a smartphone for it's intended purpose, without others doing unnecessary stuff including privacy invasive actions. this os does it's best to ensure that while still having a usable smartphone.

probly 2 types of users

1. people that want smartphone to be without bloat and privacy invasive stuff (as much as realistically possible) and to have better battery life by default. i probably fall under this camp

2. the privacy paranoid user. all the settings they are super careful. i'm not judging, i'm just noting that this camp does exist. to each their own.

my point is, you don't have to fall under user type 2. even user type 1 can benefit from grapeheneos. improved battery life helps a lot

attempted assassination of border control com..

Moogle Stiltzkin — Thu, 26 Feb 2026 11:07:15 +0800

[YOUTUBE]_r8g3_lxAbA[/YOUTUBE]

https://www.nst.com.my/news/nation/2026/02/...smuggling-watch

wow... the criminal elements are targeting our border control enforcement people via assassinations. this should not be allowed to stand.

just look at mexico and haiti when criminals get their way. you want that here? i don't. hope the authorities hit the criminals back hard

QUOTE

The remarks came after Mohd Nasaruddin was targeted by two gunmen on a motorcycle while on his way to perform morning prayers earlier today. Sources said two shots were fired, but the commander was not injured.

thankfully he did not die. but still the fact they targeted him even off duty is alarming. something needs to be done about this. if something like this is normalized, they will just continue doing it

QUOTE

The Malaysia Border Control and Protection Agency (AKPS), also known as the Malaysia Checkpoints and Border Agency (MCBA), is the country’s new singular authority for border security. Established under the Border Control and Protection Agency Act 2024, it officially began operations on January 1, 2025, to unify over 20 separate enforcement agencies under one command.

QUOTE

Recent Countermeasures (2025–2026)

The "Wall" Project: Malaysia has allocated RM1.5 billion to construct a concrete security wall and 110km of fencing along high-risk stretches in Kelantan, Kedah, and Perlis to replace aging barbed wire.

Jetty Demolition: A massive operation is underway to demolish over 200 illegal jetties along the Golok River to cut off "rat routes".

Agency Consolidation: The Malaysia Checkpoints and Border Agency (MCBA) now leads these efforts, coordinating between the police, military, and customs to prevent "counter-setting" (collusion between officers and smugglers).

so essentially they've been operating for a year and already criminals are feeling threatened enough to do this. meaning they must be doing something right the question is, who is going to protect the guys doing their jobs? hope they come up with solutions.

7zip Malware: Beware 7zip.com

Moogle Stiltzkin — Sat, 14 Feb 2026 06:32:34 +0800

[YOUTUBE]bpLxXH37Hs8[/YOUTUBE]

So how do you know whats the actual og site?

well, you can go to wikipedia and search for the app, then there is the actual site linked there.

And once you know the actual site, go there then ADD a bookmark star e.g. firefox. So whenever u visit the sites you verified, it would have that star to indicate it's bookmarked. meaning at a glimpse you can check if it's bookmarked, then you know you are at the correct site. If you don't see it, be on your toes as you may have simply googled then it brought you to a fake site due to careless web browsing

also in google search, the other trick is the search results at top usually will be shown as a google ad, and that usually points to some malware site which uses the same name as the app site. google doesn't seem to care about that apparently so just because something appears at the very top don't be too trusting. check if it's an advert firstly, because that is the most sus.

Or what i would suggest instead for installing apps, is to use unigetui which can download apps using winget
https://github.com/marticliment/UniGetUI

QUOTE

How Signature & Integrity Checking Works

Because UniGetUI is a "manager of managers," it inherits the security protocols of whichever tool is actually downloading the software:

WinGet (Microsoft): Primarily uses SHA256 hash validation. When a package is submitted, Microsoft runs automated scans (including SmartScreen and static analysis) to ensure the file's hash matches the one in the verified manifest. While WinGet does not strictly require every package to be digitally signed by the developer, it validates that the file has not been tampered with since its official review.

Chocolatey: Uses checksums (hashes) to verify that the installer you download is exactly what was intended. It does not mandate digital signatures for all packages but relies on maintainers to provide correct hashes.

UniGetUI Internal Integrity: Recent updates (version 3.3.1+) added self-healing mechanisms. If UniGetUI’s own executable files are corrupted or show integrity violations, the app will prompt you to reinstall itself to ensure its own safety.

Security Caveats

Third-Party Risk: UniGetUI, Microsoft, and Scoop do not host the software themselves; they provide the scripts to download them from third parties. Theoretically, if a third-party server is compromised, a package could be at risk if the hash isn't updated accordingly.

Official Signature Check: The UniGetUI tool itself is digitally signed by its developer (Martí Climent). You can verify this by right-clicking the installer and checking the Digital Signatures tab to ensure it is authentic.

Summary: UniGetUI uses checksum/hash verification via its package managers to ensure you get the correct, untampered file, but it doesn't always mandate a "digital signature" from the software publisher unless that specific package manager requires it.

So rather than go to the app site, just use unigetui, download via the winget (or the other options). That seems to be safest. It also makes updating apps easier as well. Because it will notify you on updates, and with few clicks you can immediately update all your apps on windows.

well you could always go direct to the app site as long as you properly verified it's the actual one. but updating for so many apps can be annoying since you have to do this for ALL the apps you installed. this is why i use unigetui it makes things much easier, and safer while at it.

[YOUTUBE]_tLDcyMWWmQ[/YOUTUBE]

And just another reminder, even if you regularly update, doesn't always mean you are safe. take the notepad++ issue i recently posted here
https://forum.lowyat.net/topic/5554168

in that scenario, the app update mechanism was hacked into and went undetected for 6 months or so. so people who updated thinking they were safe, were not necessarily so. welcome to the insane world of the internet in 2026 if you use the internet you have to be on-guard and read the tech news regularly least you realize too late that something is wrong.

popular notepad++ got hacked for 6months

Moogle Stiltzkin — Tue, 03 Feb 2026 08:59:51 +0800

[YOUTUBE]uz3s401d42E[/YOUTUBE]

https://arstechnica.com/security/2026/02/no...ly-chain-attack

so the popular notepad++ got hacked for 6 months. so if you use this app, you may want to do something about it.

the dev said, update directly from the website using the latest version.

other things you may want to do is kaspersky removal tool, scan. malwarebytes, scan. windows defender offline scan.

in the most extreme, a clean reinstall of windows 11 (the nuclear option. why? rather than finding a needle in a hay stack, just nuke it all. then you can be sure it's fixed)

do you really need to go that far? it's up to you. just know that notepad++ got compromised.

usually the signs of a compromised system

- system feels sluggish even when not doing much
- high cpu usage? when not doing much
- lots of network traffic
- and other signs

ram prices Q4 2025 hiked?

Moogle Stiltzkin — Mon, 03 Nov 2025 19:33:28 +0800

[YOUTUBE]TIHwpPfKXz8[/YOUTUBE]

QUOTE

This tracks with what's been going on in the DRAM and memory industry. Samsung and SK Hynix, for instance, are reportedly charging customers up to 30% more for DRAM and NAND in the fourth quarter of 2025.4 days ago

surprise nobody talking about this. maybe they did but i couldnt find the thread

i upgraded my pc few month ago. bought a

KINGSTON FURY BEAST 32GB (2X16GB) 6000MT/s DDR5 CL30 AMD EXPO RAM - KF560C30BBEK2-32

for RM 557

but prices for the same item same store, now RM 860

For myself dodged a bullet. most others who need ram right now, G_G:

some suggestions what to do
[YOUTUBE]L7uysV5viP4[/YOUTUBE]

for ram these are the specs u typically want for a modern 2025 amd pc system

- 6000MT/s (good enuff)
- CL30 (good enuff)
- AMD EXPO (what this means is it has the EXPO configs. which is what you want for AMD pc build. dont accidentally buy the Intel kit)
- (2X16GB) this capacity size is whats recommended in 2025. If you need more, buy more. but for most people this is sufficient. Also why 2 sticks instead of just 1 and also 4? Because using 2 stick you can use dual channel mode. Also 4 sticks works poorly for am5 systems so they don't recommend using 4 sticks.

anyone tried laser etching for their side panel?

Moogle Stiltzkin — Tue, 26 Aug 2025 14:57:01 +0800

anyone tried laser etching for their side panel for pc casing? Any do you recommend? got examples and pricing?

aktimate mini to edifier qr65, upgrade?

Moogle Stiltzkin — Sat, 24 May 2025 14:56:21 +0800

aktimate mini to edifier qr65, is this a good upgrade?

[YOUTUBE]Dvglj5U_H04[/YOUTUBE]

my aktimate were spoiled, so i sent for local repair. donno what the fella did but the speaker worked after that. but speaker is old so i felt it was time for an upgrade.

So was my choice of a edifier QR65 a good choice? or not. Seeing what speaker i used previously

I was looking at other alternatives i saw mentioned,

- Ora 4
[YOUTUBE]yK4y4Sdjy0Q[/YOUTUBE]

- Kali Audio LP-UNF
[YOUTUBE]zQHTnKTjS-8[/YOUTUBE]

the thing is, the edifier was on sale, so i get a qr65 AND a T5 subwoofer, for the price of either of those other options. with voucher came down to about RM1,690

my intended usage for desktop pc speaker for gaming, youtube and just music. Can't be too noisy because of neighbors though i do enjoy some nu-metal so hope speaker good for that kind of music.
[YOUTUBE]04F4xlWSFh0[/YOUTUBE]

i also bought some speaker stands to get the speaker ear level, and to free up room on desk. it will look similar to his setup (they also use the qr65 with the stands i ordered)

anyway i'm not an audiophile expert, wondering if the senpais have any opinion on this speaker i bought and whether it was a good choice or i made a mistake and should have bought something else

PS: i see some youtube reviews they said the QR65 bass is fine as is. But i don't think so. If you watch this youtube there is a side by side comparison. Big difference between subwoofer and without

[YOUTUBE]NpIcbqtglnA[/YOUTUBE]

*update

speaker and woofer arrived. the speaker smaller than the aktimate

tested music doesnt sound worse so...

tried a couple of songs, seems best with techno/dance

server rack patch panel cat6a straight through?

Moogle Stiltzkin — Fri, 10 Jun 2022 10:21:52 +0800

server rack patch panel cat6a straight through, where to get this? any recommendations?

tried checking shopee and lazada but wasn't sure 12 port seems too few... so was looking for 24 port.

i want to be able to plug in to ethernet ports without having to cut the ethernet wires basically

guest vlan wireless ap issue

Moogle Stiltzkin — Wed, 17 Jun 2020 15:07:27 +0800

pfsense unifi ?

Moogle Stiltzkin — Mon, 01 Jul 2019 02:00:26 +0800

searched the forum but info is stale or when i tried couldn't get to work. is there an updated guide for setting up pfsense to work with tmnut unifi

Tried this but didn't seem to work
https://highsecurity.blogspot.com/2011/08/p...d-tm-unifi.html

https://forum.lowyat.net/index.php?showtopi...=0&p=82418857&#

Synology DSM 6.2 review by Moogle

Moogle Stiltzkin — Thu, 25 Apr 2019 16:49:41 +0800

DiskStation Manager 6.2 review by Moogle
https://www.synology.com/en-global/dsm/6.2

This is just a basic intro to some of the features in the Synology DSM 6.2 NAS. I may have skip a couple of features, but i got most of them, and mention the more interesting parts of DSM 6.2 that really stood out for me.

Firstly, a NAS is short for network attached storage...device.... it's this box you can insert hard drives to then group them together in a raid1/5/6 etc. You can then have your hard drive create shares which are usable by the user to store their digital data e.g. documents, videos, music, pictures etc..... and make them accessible over your local area network (e.g. via switch/router) via wired, or even wireless. If you want.... you could also make the NAS remotely accessible over the internet (although i only recommend doing so via a proper VPN setup if you intend on doing that).

A NAS not only can store your digital data, it can also act like a server to run apps as well, and do many things. one popular usage is running a plex server to stream your digital videos to the HDTV either locally or remotely.

Okay so i'll just be posting some screencaps and providing my feedback about that specific feature for the item in the picture based on what i know about it. It's so you can then decide if this is something you would find useful or not for a NAS.

This is the DSM desktop. to access it you open a browser, enter the NAS local lan ip:port then enter your login credentials to access. pretty simple. Any significant issues would normally be highlighted in the top right where notifications is located.

This is the DSM help center. What you don't know, go here, type the keyword to learn more. Sometimes when your browsing apps, there is also a "?" you can hover on or click to learn more about the feature.

the top left icon gives you access to other options available in DSM

in the top right for notifications, you can fine tune what it should bother you with. personally i'd recommend leaving it on default.

package center is where you can install the synology native apps or third party apps that have been integrated into synology and added into their package center ecosystem. There is an interesting auto update feature included, so you don't have to always manually update yourself by checking into package center everytime.

you can install different versions of web modules like apache http server. As of this time, this seems to be the latest apache fyi

in web station you can opt to use either nginx (which is very fast) or apache for your web server. It's integrated into synology quite well that it is easy to make the switch between the 2.

this is the DSM control panel with more options available for the NAS.

shared folder is where after setting up your NAS for the first time, you create these shared folders so you can then begin storing your digital data into. I would recommend keeping them name short and descriptive as possible.

Domino Pizza Malaysia hates Diablo Immortal also

Moogle Stiltzkin — Wed, 14 Nov 2018 22:03:02 +0800

power supply unit customs?

Moogle Stiltzkin — Sat, 02 Dec 2017 15:31:39 +0800