• 1 Post
  • 44 Comments
Joined 2 years ago
Cake day: June 11th, 2023




  • They’re saying that they find due process to be lacking and the prosecution to be political.
    Do you think it’s depressing that someone would donate money to the defense of someone they think is being inappropriately prosecuted?
    If you think they’re guilty, you should still want them to get the best defense possible, so that when they’re found guilty it’s airtight. Our justice system is based on an adversarial model. If the prosecution, with the resources of the state, can’t successfully argue that they did it and that their arrest and all procedures were properly followed, do you really want that to still mean someone faces the death penalty?


  • It wasn’t the crypto key pair part I was referring to, it was the part where FIDO is geared towards interactive user auth, not non-interactive storage.
    It wouldn’t have surprised me if the SSH devs hadn’t put implementing FIDO support for host keys high in the development list, or that it was tricky to find documentation for. Using something like a TPM is the more typical method.

    There’s no technical reason it can’t work, and the op got it to work so clearly the implementation supports it, but that doesn’t mean it’s the most expected setup, which means it might have unexpected gaps in functionality or terrible documentation.


  • Unfortunately, I think you’re going to run into trouble because FIDO authenticators are geared towards working as user authenticators rather than as device authenticators.
    It certainly should be possible from a technical perspective, but implementation-wise, it’s very likely that the code focuses on making FIDO devices work with client keys, and using TPMs for host keys, since that’s much more focused on headless server functionality.

    Oval peg in a round hole.


  • The biggest issue is that the birth certificate is typically done at a very local level, usually the county, and not anyone can file one. It’s often the case that a particular person at a hospital or a registered midwife needs to file the application. Parents can report a live birth outside of an institution but you need to physically go to a courthouse with the baby.
    A different group of people is responsible for social security cards.

    If one county clerk files a huge number of birth certificates and uses them to back social security card requests, it’ll be noticed.

    There’s always a way around the paper trail, usually by just making sure no one bothers to look at it, but they all involve adding more people to the conspiracy, which adds more risk.
    No one will notice that one doctor delivered 500 babies in one day if no one looks at the paperwork, but each person involved increases the likelihood of a mistake causing people to look, which almost certainly will cause those details to be noticed.

    It’s similar to how people do a huge amount of any fraud, and then once a thread of detail gets noticed the entire thing is unraveled.

    Your best bet is to minimize the number of forged documents. I would predict that a single person could most easily get a non-citizen US national passport for someone to assume an American Samoan identity. Since there are comparatively few non-citizen US nationals, a passport is the federally preferred method of identification. Since the territory is an edge case, there’s more room for slipups, and since you’re not posing as a citizen, you have an excuse not to have some records.



  • I feel like any AI tool that’s being sold as saving you money just won’t do that. Some of the ones that sell improved detection rates might.

    AI that works as a tool designed to be used by an existing or new professional to augment their abilities works as well as any other tool. An ultrasound doesn’t save you money except in the abstract of being more freely usable than x-ray allowing for more checks with less equipment.
    A tool that highlights concerning areas on a mammogram isn’t replacing a person any more than the existing tools that highlight concerning heart rhythms.

    Trying to get LLMs to replace people, particularly when it comes to trying to explain the content of a potentially technical medical discussion, is just not going to be reliable.



  • I had two premature babies in the NICU (twins with last minute maternal complications, everyone is fine but things were early), and they benefited so much from donor milk.

    Newborns in general and preemies in particular have basically no immune system. NICU preemies are also susceptible to a very serious intestinal condition that can cause parts of their intestines to die.

    Breast milk is filled with antibodies and various immune response related proteins that help bootstrap their immune system and might essentially prevent the intestinal issue entirely.

    Once you’re developmentally advanced enough there’s no real long term difference between formula and breast milk, but before then the immune compounds we can’t make synthetically are basically medicine.

    It’s a little odd because breast milk seems more intimate than something like blood, but it’s arguably more impactful.


  • Yup, it’s not ideal.
    For slight contextualization on why it’s not the worst: for the most part, the lead pipes have a layer of scale (material from water reacting with the pipe) that keeps lead out of the water.
    We stopped installing new lead pipes quite a while ago, and the program to fully phase them out was started in the 90s. This was relatively routine for developed countries, as lead pipes were extremely common across the world.

    After Flint, it became apparent that this wasn’t the “slow fix” problem everyone thought after we saw how easily it could go to full “problem”. So everyone accelerated the timeline.

    So while it’s definitely a problem, it’s not an entirely novel or extremely critical problem.


  • If people thought we lived in a society, then we wouldn’t have used lead pipes in the 1950s or before?
    In an era where we didn’t know there was as much risk as we found out over the following decades?
    What the fuck are you even talking about? Do you know when these pipes were even installed?

    Do you think that people should be held responsible for the votes of their great grandparents? Or, more specifically, that their children should get brain damage because of how their great great grandparents voted?

    What do you think we gain by letting poor communities be potentially poisoned? That hurts all of us.
    Hell, Flint (the prototypical example) didn’t even vote for the people who screwed them over. The state government imposed them on the city against their will.
    I suppose you think they deserve lead poisoning because they didn’t have the good graces to have a flourishing economy after the biggest employer in the city left?



  • The program has been going on for decades. The Feds put money in a big account the EPA manages that gives grants and loans to areas that need it to get the process completed faster.
    As loans get repaid over the years, the money is lent out again. Most areas have enough income to afford the project, but not enough cash on hand to afford to pay all at once.

    This is the first batch of additional money being added to the fund along with a mandate that the problem be resolved in a fixed timeframe.

    Currently the fund has used about $20 billion to provide $40 billion in upgrades over nearly 30 years.

    https://www.epa.gov/newsreleases/biden-harris-administration-issues-final-rule-requiring-replacement-lead-pipes-within

    Funding: The Bipartisan Infrastructure Law provides $50 billion to support upgrades to the nation’s drinking water and wastewater infrastructure. This includes $15 billion over five years dedicated to lead service line replacement and $11.7 billion of general Drinking Water State Revolving Funds that can also be used for lead service line replacement. There are a number of additional pathways for systems to receive financial support for lead service line replacement. These include billions available as low- to no-cost financing through annual funding provided through the Drinking Water State Revolving Fund (DWSRF) program and low-cost financing from the Water Infrastructure Finance and Innovation Act (WIFIA) program. Funding may also be available from other federal agencies, state, and local governments. These efforts also advance the Biden-Harris Administration’s Justice40 Initiative, which sets the goal that 40% of the overall benefits of certain Federal investments flow to disadvantaged communities that are marginalized by underinvestment and overburdened by pollution.


  • Depends on the vendor for the specifics. In general, they don’t protect against an attacker who has gained persistent privileged access to the machine, only against theft.
    Since the key either can’t leave the TPM or is useless without it (some TPMs have one key that they can never return, and will generate a new key and return it encrypted with its internal key. This means you get protection but don’t need to worry about storage on the chip), the attacker needs to remain undetected on the server as long as they want to use it, which is difficult for anyone less sophisticated than an advanced persistent threat.

    The Apple system, to its credit, does a degree of user and application validation to use the keys. Generally good for security, but it makes it so if you want to share a key between users you probably won’t be using the secure enclave.

    Most of the trust checks end up being the TPM proving itself to the remote service that’s checking the service. For example, when you use your phone’s biometrics to log into a website, part of that handshake is the TPM on the phone proving that it’s made by a company to a spec validated by the standards to be secure in the way it’s claiming.


  • Package signing is used to make sure you only get packages from sources you trust.
    Every Linux distro does it and it’s why if you add a new source for packages you get asked to accept a key signature.

    For a long time, the keys used for signing were just files on disk, and you protected them by protecting the server they were on, but they were technically able to be stolen and used to sign malicious packages.

    Some advances in chip design and cost reductions later, we now have what is often called a “secure enclave”, “trusted platform module”, or a general provider for a non-exportable key.
    It’s a little chip that holds or manages a cryptographic key such that it’s impossible (or exceptionally difficult) to get the signing key off the chip or extract it, making it nearly impossible to steal the key without actually physically stealing the server, which is much easier to prevent by putting it in a room with doors, and impossible to do without detection, making a forged package vastly less likely.

    There are services that exist that provide the infrastructure needed to do this, but they cost money and it takes time and money to build it into your system in a way that’s reliable and doesn’t lock you to a vendor if you ever need to switch for whatever reason.

    So I believe this is Valve picking up the bill to move Arch’s package infrastructure security up to the top tier.
    It was fine before, but that upgrade is expensive for a volunteer and donation based project and cheap for a high profile company that might legitimately be worried about their use of arch on physical hardware increasing the threat interest.
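The trust model sketched in the package-signing comment above (a keyring of sources you have accepted, and a signing key the pipeline never handles directly, as the TPM comment describes), written out as an added example. This is illustrative code, not Arch’s, pacman’s or Valve’s; the keyring, manifest and key are constructed here, and a file-backed ed25519 key stands in for the hardware-backed key because both satisfy Go’s crypto.Signer interface.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Keyring maps a package source name to the public key the user accepted
// when that source was added (the "accept a key signature" step).
type Keyring map[string]ed25519.PublicKey

// SignManifest signs the SHA-256 of a package manifest. It takes a
// crypto.Signer so the caller never touches private key bytes: a
// file-backed ed25519 key satisfies the interface, and so does a
// TPM- or enclave-backed key whose private half cannot be exported.
func SignManifest(signer crypto.Signer, manifest []byte) ([]byte, error) {
	digest := sha256.Sum256(manifest)
	return signer.Sign(rand.Reader, digest[:], crypto.Hash(0))
}

// VerifyPackage accepts a package only if its source is in the keyring and
// the signature over the manifest digest checks out under that source's key.
func VerifyPackage(ring Keyring, source string, manifest, sig []byte) error {
	pub, ok := ring[source]
	if !ok {
		return errors.New("source " + source + " not in keyring: refusing package")
	}
	digest := sha256.Sum256(manifest)
	if !ed25519.Verify(pub, digest[:], sig) {
		return errors.New("signature from " + source + " does not verify")
	}
	return nil
}

// Scenario walks through three cases: a trusted source, a source that was
// never added to the keyring, and a manifest altered after signing.
func Scenario() (trustedOK, unknownRejected, tamperedRejected bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed sample key, not a real repo key
	ring := Keyring{"core": pub}
	manifest := []byte("pkg=example version=1.0 sha256=constructed-digest\n") // constructed sample
	sig, _ := SignManifest(priv, manifest)
	trustedOK = VerifyPackage(ring, "core", manifest, sig) == nil
	unknownRejected = VerifyPackage(ring, "unlisted-mirror", manifest, sig) != nil
	tampered := append([]byte(nil), manifest...)
	tampered[4] = 'X' // flip one byte of the manifest after it was signed
	tamperedRejected = VerifyPackage(ring, "core", tampered, sig) != nil
	return
}
```

Swapping the file-backed key for a hardware-backed one means changing only what is passed as the crypto.Signer, which is the "doesn’t lock you to a vendor" property the comment mentions.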