Encryption at rest just means the data itself is encrypted when stored on disk and the key is somewhere. It doesn’t dictate that the key is not visible to the server.

Encryption in transit refers to an encrypted channel from client to server.

E2E encryption usually refers to encryption from one entity to another where any intermediary servers do not have the ability to decrypt

Source: too many years doing application security at my job

Autonomous vehicles often have network connectivity to allow the owner to track, monitor, and send commands.

I really want to like Nix. The idea of declaratively defining my entire system sounds great. I can manage it with Git and even have multiple machines all look the same. I can define my partititioning once and magically get a btrfs disk working. Wow!

But I find the language confusing no matter how many times people say it’s easy. I have a lot of experience with other programming languages so maybe it just doesn’t mesh. It also gives terrible error messages that are hard for me to understand. And Nixpkgs is unpredictable for what version I’m going to get. One of the services I installed ended up being a release candidate version which was a surprise. What if I don’t want the latest version of Docker? How do I pin it? Do I have to duplicate part of Nixpkgs? It just feels like a monorepo where everybody has to be on the same versions. Why on earth do the Nix language docs start by introducing math expressions instead of here is a simple self contained thing that installs one program. Here’s how you configure it. Here’s how you expand. Why does the dependency graph seem to pull in so many unnecessary dependencies? For example, I tried to build a minimal Docker image (which Nix looks to be a very good fit for), but I couldn’t figure out how to strip out dependencies that likely were only used during build for a dependency.

I still like the idea and have managed to get my server defined entirely with NixOS which is very cool, but I can’t recommend this to my tech friends because if I’m confused they will be more so.

The point seems to be able to handle a UPS failure

WiFi is on all three bands. It’s not so much what’s newer vs older. Newer devices tend to support 2.4, 5, and 6 and switch between them based on quality of signal and support by the WiFi network. Higher frequencies like 5 and 6GHz are generally better because there’s less interference.

Cheaper devices tend to only support 2.4GHz

Yes, but from a societal perspective, theres value in making cuts in a lot of different places.

Maybe you can do a meatless Monday, and somebody else will go vegan. Tell the people in private jets to stop flying private, but the family that’s going to another culture and learning and maybe becoming better has benefits.

Fascinating. Just based on your comment and nothing else, sounds like it could be something like a CPU Enclave like Intel SGX. Basically a remote client can validate that an application runs in a secure part of a remote cloud computer. The stated goal of SGX is that you only have to trust Intel and if you trust Intel and say run program X in the enclave, then only that part of the CPU can access the data, not the applications running in the non-secure enclave.

Now that brushes over some things like you still need to trust the client and IIRC in a WhatsApp situation, you don’t really know what enclave does, but the communications between the enclave and the host OS are heavily restricted. LLMs also require lots of CPU and are usually run on GPUs, so not sure how that works yet.

I think #1 is suggesting to move the neutral over to another hot phase and change the outlet to a 240v nema 6/three prong (I think) with two hots and a ground instead of the 4 prong.

The 240v at the same amps gives you higher watts so faster charging without an expensive new conductor. I’m

Most users don’t care, as long as they’re getting free stuff

Sad, but very true in my experience. I find even my friends who work in software engineering and have exposure to the bad sides of what technology can do, just don’t take any efforts to change. They addicted to Instagram, to Amazon, and everything else.

YT ads can be relevant to you based on data collected about you

They certainly can be but if there are 2 advertisers and one is the most relevant and the other pays them more money, which one do you think Google is going to show you?

The one that pays more because it’s an auction, but an advertiser that pays more for a less relevant ad to a user won’t be making as much money so there is an incentive to be more relevant.

Google is doing this because they have incentives to do so. They want to block malicious actors like attack their platforms.

Other companies want to lock down their own apps because they don’t think users should be permitted to do anything other than use their apps exactly as they want.

I don’t like it as a user, but I also see the reason why companies want this by being on the security side of software.

This is the future of the Big Tech Internet if we’re not careful. Attestation to be able to use communications and other websites.

bash doesn’t have a main function either and no one is fucking complaining.

I don’t complain about Bash’s lack of features because I choose not to write Bash scripts and instead use saner languages.

I used to work in Amazon (left after 10 years because it wore me down), but it wasn’t that compartmentalized.

I’m sure there were some teams that were like that but I could easily find another team, open a ticket, get a response and see their on calls investigate the issue. It was often times possible to look at their service metrics and source code to see if I could find the problem myself.

Support just can’t share that info because they don’t know what is considered a trade secret or internal detail vs what is public.

I’ve used Brultech in a house before. It’s not very user friendly to setup having to download some different firmware flashing tools and configure everything in a brittle web UI that only allows one browser tab at once. But it does have Ethernet, comes with a variety of different CT clamps. The donut style CT clamps are very compact making it easy to fit them into a electrical box. Don’t use the built-in one, use the HACS integration. The different sizes make me think that the Brultech is probably more accurate than the Emporia with only a single size.

I ended up going with Emporia Vue2 for my own house given the complexity and my house layout not really permitting the Brultech’s install.

Containers can provide SBoMs too and in comparison to HA OS, which is what the comment was referring to, container and core give you better control over the application allowing for more security mechanisms. Comparing container vs core for security is interesting cause container gives you some security features for free like seccomp, cap drops, namespacing, etc. which you don’t get for free with core.

I find the claim that core is more secure than a container because it has an SBoM as dubious, but maybe you’re talking generally about containers vs distro package managers, which is a different point, but SBoM isn’t the only thing that makes some secure/stable.

Nope. Docker and Home Assistant OS will be the only supported installation strategies

No, it’s electrical code. Standard outlets can’t be used to supply power because it means you have a plug that has exposed wires commonly called suicide wires. While these balconey top solar likely use grid following so it has to detect a grid voltage, the electrical code doesn’t consider it AFAIK. This rule is for safety and because it would only power half your house because there’s only one leg per 110 outlet.

Is it different than how a country would protect other infrastructure like government buildings, hospitals, other electrical grid infrastructure, dams, etc.?

You might behind a shared IP with NAT or CG-NAT that shares that limit with others, or might be fetching files from raw.githubusercontent.com as part of an update system that doesn’t have access to browser credentials, or Git cloning over https:// to avoid having to unlock your SSH key every time, or cloning a Git repo with submodules that separately issue requests. An hour is a long time. Imagine if you let uBlock Origin update filter lists, then you git clone something with a few modules, and so does your coworker and now you’re blocked for an entire hour.