And they’re not going to pay millions to be the default for a browser that no one uses.

I think multiple people already have access to the databases that store the data the device sends. I don’t really care whether they get the data from the device itself or from the database.

Similarly, I think multiple people have the ability to make changes to the firmware build and the systems that distribute it. So those people already have the potential ability to gain access to the device.

One person or multiple people having unauthorised access are both unacceptable. I’m saying that the users have to trust the companies ability to prevent that occurring, and that therefore this particular technical detail is mostly irrelevant

I’m 90% sure it is not a single user. I just don’t see how that really affects the security of the product, given that the company that sells it can already do the things the author is saying can be done if you have this key.

To be clear, I wouldn’t buy this. I just don’t think the SSH key makes it any worse than it already was

The email address attached to the public key, eng@eightsleep.com, to me suggests the private key is likely accessible to the entire engineering team.

This assumption is doing a lot of heavy lifting in the authors argument that this is a big deal.

This assumes that the reviewer who gave the rating wasn’t considering value as part of their scoring. I’d expect the reviewer to be scoring a TV based on his good it is compared to similarly priced competitors, not comparing to every other TV on the market

Sure, but then you’ve just shifted the problem up a level. Now I have to trust that the user id you provide me in the insecure channel really is you. Which means either trusting the insecure channel or trusting that the web app has confirmed who you are in some other way before giving you an ID.

We have to reject the first since we could skip all the asymmetric crypt and just send a symmetric key directly in the insecure channel.

If we’re trusting the web app has confirmed your identity, we’ve moved from “just quickly go to this page and it’ll generate you a public key” to “go to this site, upload a photo of your ID and a video of you saying that its you and whatever other verification is needed, then it’ll give you a public key”.

You originally wrote:

The one sticking point is that your recipient needs to visit the site before you can send your vacation photos to them, but is it really that hard?

The hard part isn’t them going to the site in advance, it’s them establishing trust with the site that they are who they claim to be.

Even if you’re using asymmetric cryptography, you still have to trust the insecure channel. If an attacker can replace the URL sent there with their own then they can have the sender encrypt the files with an attacker controlled public key rather than the legitimate one

Here’s an Olympic sprinter powering a toaster. He generates 0.021kWh going flat out: https://youtu.be/S4O5voOCqAQ

It’s not that you change the passwords for each website often, it’s that you use a different password for each site. That way if one site gets hacked and your password is leaked, it can’t be used to access your accounts on other sites.

Plenty of costs don’t depend on how much usage there is. If a tree falls and takes out a power line it cosrs the same whether that line was being used at 1% capacity or 100%

It’s a quite entitled view to take that they should make an effort to pass the project on. It would be very hard to build sufficient trust in a new developer quickly, and passing it on without that trust would be undermining the trust that users of the projects have placed in this dev. If I were him, I wouldn’t be staking my reputation on finding someone to take over from me if there wasn’t already an obvious candidate.

The successful fundraiser you mention looks to have had a target of $12k USD (from: https://discuss.techlore.tech/t/divestos-is-unsustainable-needs-community-support-we-sent-250-and-you-can-help-too/6660, the original page has been taken down), and was as a alternative to them taking a full time job. I’d say its a reasonable bet that money was spent on living expenses, and IMO $12k a year is much less than this level of skilled work is worth. It’s certainly not enough money to make it unreasonable to shut down the project a year later, and I doubt anyone who donated feels shortchanged by it.

The upside of IANA doing it would be a standardised place for sites to move to. Without coordination, different sites would move to different TLDs, probably mostly based on what isn’t already registered. IANA could create a new TLD for this and give existing whatever.io owners a chance to register whatever.iox before its generally available

How exactly is it hashed? There aren’t that many possible phone numbers, so it might be viable to just try every valid number until you find one that matches

It’s marked solved, but since OP didn’t post the solution:

-e uses basic regular expressions, where you need to escape the meta-characters ((|)) with a backslash. Alternatively, use extended regex with -E

$ echo a | grep -E "(a|b)"
a
$ echo a | grep -e "\(a\|b\)"
a
$ echo a | grep -e "(a|b)"
$ echo a | grep -E "\(a\|b\)"

The x390/x280 are the same era as these but smaller, so might be a better fit here. The X390 has soldered RAM though, so I’d look for the 16GB version if you can find it (there’s not much of a price difference used)

I wouldn’t wait that long in the hope that Google release another Pixel tablet and that it then fixes the issues you have with the current one. IMO there’s too much risk that either they don’t release it, or they don’t release it at the time you’re expecting, or it doesn’t change things you care about, or they change the price/features.

I’d say buy the best (/least worst) thing you can actually get now.

I think you’re misunderstanding which ramp I mean. Looking between the wheels of the white car, it looks like there’s a ramp the goes from the parking lot up on to the sidewalk. The white car would prevent a person using a wheelchair getting onto the sidewalk.

The white car isn’t parked in a disabled spot. Its parked in front of the ramp for a wheelchair, which isn’t a space

Changing DNS isn’t the same thing as a VPN. Your traffic isn’t “tunneled” over DNS, it just changes which server your devices use to look up IP addresses. Your ISP can still see quite a lot, particularly if you’re using plain DNS rather than DNS over HTTPS or DNS over TLS.

I’ve always got them from eBay.

The T and X series are the high-end ones. Between those it mostly depends on what size of laptop you’re looking for. Its worth checking a guide for how you replace the SSD/RAM/battery - some of the newer ones have these soldered in place, which means you’re stuck with whatever it originally came with.

Personally, I think the sweet spot is around 4 years old. By that point they’re pretty cheap (maybe 10% of the original RRP), and going for older ones doesn’t save you much more money. I recently got an X390 and it’s doing everything I need from a laptop