Cake day: June 16th, 2023








  • I would agree with most of what you said.

    There are also a not-insignificant number of people that struggle when at home 100%. Some people are rock stars and able to just get stuff done. But a lot of people are not, sadly, organized enough to handle such an unstructured environment and able to still be effective.

    This isn't a new thing due to covid or the move, but a LOT of folks just do better with a hard separation of work/life and a lot of folks aren't self-aware enough to know they need it.

    As someone that can and has worked remote, and chooses to come back, it can be frustrating working with people that struggle with these things, and I definitely see differences between home work and office work in some. I actually work in an office because it's much easier to maintain balance. I tend to work too much from home and it causes burnout, but I also have kids/family that come home early and don't really understand that just because I'm home doesn't mean I can sit down and talk at their convenience. What I mean is that work/life balance is harder. So I choose to commute 99% of the time and can WFH when needed.

    But I have one guy that has had this issue chronically for years where he often struggles to communicate, is easily distracted, often needed to be micromanaged or have his tasks organized, prioritized and in some cases, even steps spelled out. He does well enough to mostly be of help (so he's not gonna get fired), but he complains about lack of upward mobility or lack of raises, but when the SHTF, he's always got excuses locked and loaded about why he's behind or can't complete a project/task.

    Conversely, I have a guy that's AMAZING from wherever. Never has issues and is always way ahead of the curve. He's also full-time remote but excels at it.

    It just depends on the person in a lot of cases and frankly, in my very small use cases, many/most aren't the type that are capable of the self-discipline needed for the task. Now that said, I'm not at Google or one of those places that hires rockstars in buckets, so the reasons they are RTO are likely different from my org's.

    Of my team, I would say at least a cool 60% are just much less…themselves from home and easily distracted. Either because they segment their life (which is fine and awesome, I do that too), or because they don't have a good setup at home, or because they are just too easily distracted at home.





  • I'm gonna be honest. I stopped reading here.

    There are entire swaths of the world, billions of people, where phones are basically the only gateways to the internet.

    I do not recommend using a smartphone for banking. You’re asking for a huge attack surface & it’s reckless. People will do it anyway but to suggest that people should avoid Tor for banking on the basis that you’re assuming they are using a phone is terrible advice based on a poor assumption. Use Tor Browser from a PC for banking. That is the best advice for normies.

    Again, the article is about “normies” using Tor to get it to lose its stigma… The only way it gets de-stigmatized is for “normies” to use it. The way “normies” access things is vastly different. There are risks to that. And it's not just banking. Getting your email account hacked because you used it on a malicious exit node for one reason or another is just as bad, if not worse. Tor exit nodes are wholesale more malicious than your ISP.

    I don't know why you are getting hyper-fixated on specific use cases that were used as broad examples. Banking isn't the point; it's the general use of Tor and the risk it brings. Forest for the trees, my guy.

    Have a good one. We’re done here.


  • Good security comes in layers (“security in depth”). TLS serves users well but it’s not the only tool in the box.

    I'm glad we agree. Because it's the entire point. You are nitpicking where it suits you and that's not really honest conversation. Tor Browser isn't the only way to access Tor, and if you are talking about making Tor more accessible, using things like phones is going to be needed. There are entire swaths of the world, billions of people, where phones are basically the only gateways to the internet.

    And on a device with something like CalyxOS (or built with the app structure like CalyxOS Android-based apps) that opens up a LOT more applications to using Tor, some of which aren't going to be locked down or configured appropriately. It's riskier. You seem to implicitly agree as you only pointed to a single example of XSS and just ignored other examples I provided… Surely we don't need to iterate through every attack vector out there? Because the point isn't those minutia there.

    The point is, again, that Tor and specifically exit nodes are more hostile than normal ISP relays. They are actively malicious and often looking to exploit anything they can. Saying selling metadata that is unencrypted is the same level of malicious as a nation state going after you (life and death) or having your identity or bank account stolen is clearly pretty naive. Even having your banking compromised is a giant show stopper and there's no “well I have protections” flag to wave. You still have to deal with getting your funds back and paying for stuff to live in the interim. It's a very invasive process. Comparing that to an ISP selling your DNS queries (which I'm not even sure happens) is literally apples and oranges.

    Those threat models all have a common denominator: mass surveillance. It is safe to assume mass surveillance is in everyone’s threat model as a baseline.

    That's a bad assumption. MOST people aren't really concerned with it in the western world. It's why the apparatus exists. And that's not a Trump thing. It's existed WAY before Trump. Snowden showed that and it was Obama, not Trump, that went after whistleblowers harder than any predecessor before them. It's why Snowden is still in exile to this day. Further, trying to make this about “party” sides is a bad idea. It's something all parties, including most countries, are not only a party to, but actively collaborating against. And there are some areas where straight access to Tor is illegal and can get you in trouble. And the mass surveillance one country does (i.e. US) is much different than another (i.e. China), so again it's not just a giant brush to paint with there. Piping all data through Tor would make you look more suspicious in some of those latter countries and could increase your risk to fingerprinting or tracking, rather than selectively using it where and only when needed.


  • Every connection that matters uses TLS so the exit node honeypot only sees where the traffic is going, not what’s in the traffic and not where it comes from. IOW, the exit node knows much less than your ISP.

    That’s not a magic bullet for security. There are so many ways to exploit connections. Look at what happened here on Lemmy with vulns leading to takeovers of instances with XSS of session cookies. Or what happened to Linus Sebastian and his YouTube channel, which has one of the largest, most security-conscious companies backing it.

    The primary difference is your ISP is not generally actively hostile. They may want to sell metadata but they aren’t actively trying to exploit you. And all it takes is a bad autofill page, or even a fake/spoofed one on an account without MFA or a service with XSS vulns etc.

    And your thesis is what, that we should make snooping easier for them by not practicing sensible self-defense?

    To your own point. Everything is TLS now, right? That argument swings both ways. If your ISP (or in some cases a nation state is your ISP) is actively tracking you, then there are other alternatives that may be better. Mullvad would sooner be used for banking than Tor. Tor is also not all that often used en masse. If my township only has a single Tor user (me) that makes me less private. An ISP can easily see who is entering Tor unless you are using more obfuscation like bridges and obfsproxy. It’s the same reason why checking the do not track box in your browser is less privacy oriented. It adds entropy to your fingerprint there.

    But to answer your question, my thesis is Tor is not necessarily a privacy panacea. The threat model an American or European has is much different than someone from Vietnam or Turkey or China, which is also much different than someone from the Nordic countries.