• 4 Posts
  • 51 Comments
Joined 11 months ago
Cake day: October 20th, 2023

  • Look up how hard it is for humans to remember long strings of numbers. That is WHY ICQ (and eventually phone numbers) were dropped almost immediately in favor of social media and the ability to exchange numbers just by tapping phones.

    And in the time it would take to memorize a bar code (12-ish digits, depending on standard) you likely should be rotating that password anyway. And in the time it would take to memorize it you are also very blatantly reading off a sticky note as you “discreetly” look at your notebook every time you want to access your password database in public. And if you aren’t in public? Why go through these extra steps when there are much better ways to secure this that are a lot more obvious if they are tampered with?

    I get that a youtuber you like talked about this. Youtubers talk about a lot of stupid products in the interest of making Content. But maybe listen to the people who have experience with this kind of hardware and the kind of security theatre policies that make them “a good idea”.


  • No. That xkcd (not loading but I assume it is the password one?) is not relevant. Because you can’t make a meaningful and easy to remember mnemonic out of a numeric password. That is WHY a purely numeric password is bad for anything that needs security. They are great for 2fa but the unique key should still be the other device.

    And all of your good codes are similarly easy to social engineer out, are screwed the moment it is compromised once, or are literally reading off a sticky note.

    Which gets back to these kinds of devices largely being security theatre. Because there is no good use case for them that wouldn’t also involve encrypting the data/volume after you pin in. At which point… why waste money on something conspicuous with an easy to crack code?


  • Didn’t use ironkey specifically but you can totally boot from an apricorn. Basically involved plugging it in, rebooting the machine, and VERY rapidly entering the unlock code before the bios finishes starting up and gets to the “so which drives are bootable?” phase.

    It was hellish but it was also corporate policy to not use any USB storage devices that did not have a keypad for encryption. And DVDs were strongly controlled by the IT department (who were about as stupid as you would expect to have signed off on a policy like that).


  • It still drastically narrows down the search space and makes social engineering a LOT easier.

    Because you tend to have one of two sources for any password that people need to remember.

    1. Randomly generated with no rhyme or reason. And written down on a sticky note as a result.
    2. Something with meaning to the user

    And it is the latter where this becomes an issue. Because let’s say they are a 50 year old and 1, 4, 6, 7, and 9 are heavily worn. Well, they were born in the 70s so let’s verify exactly when. Hmm, May. No 5 means it probably isn’t their birthday. Wait… their partner was born on April 7th, 1976. No luck. Oh, but what if they were clever and it is actually 197647 instead of 471976? Boom, in.
  • What is your use case for this?

    • Confidential files in a public setting? Don’t fucking bring confidential files to a public setting. But if you must, a big bulky laptop with (good) FDE is a lot more secure than a flash drive someone can pickpocket.
    • Border crossing? Guess what? You paint a MASSIVE red flag on your back and get to learn that you don’t actually have all that many rights in the time between stepping on foreign soil and being admitted by customs. Congrats, you gave them the wrong code three times and it got wiped. They are going to break your face and put you in a black site.
    • Hiding sensitive/highly illegal content in the event of a police investigation: Yeah… if you are at the point where there is a warrant (or black van) out for your arrest then it really doesn’t matter if they can see whatever you were looking at last night.

    At my old job we required these for “thumb drives” and all they ever did was make reformatting machines pure hell.


  • That assumes there are good quality batteries and displays and whatever other parts you need. I think the (launch?) switch uses the same batteries as the wii u tablet? But there is no guarantee the switch 2 will use that and just look at how companies like apple lock down access to replacement parts.

    In ten years (honestly? if the switch 2 really is 2024/2025 then I would give it less than five years) the issue will be finding old switches on ebay and hoping they were well maintained and have parts you can salvage. Because buying a compatible battery pack or display or radio or whatever will be a shitshow because those parts won’t be accessible unless you are buying in bulk from electronics companies… who will probably want to sell you newer components anyway.


  • Not going to comment on the software ecosystems because that is pure speculation and anyone claiming otherwise is talking out of their ass.

    What I will instead point out is: your hardware is likely to fail in that time period. “Planned obsolescence” or whatever, I don’t care how you justify it. The reality is that these contain batteries that will degrade, and eventually fail. That is why anyone with a PSP or a Vita should check if it is bulging and dispose of it accordingly. And I think it is the xbox 360 that has a capacitor that people should cut before it leaks? Or basically any PC from 20 or so years ago where you need to repair the system clock on the mobo.

    Hell, people love to talk about how unbreakable and amazing the NES is. Except… just look at GDQ where they have had multiple (?) instances of consoles failing during runs and the runners even talk about needing to source functioning consoles and scrap them for parts. This is why the speed running community went from gatekeeping “Rawr, only original hardware” to “So… those FPGAs are fucking cool, right?”

    Much like with PC gaming: having the hardware or even the license does not mean you can play it in ten years without jumping through some hoops that often involve emulation and/or cracks.


  • I firmly believe that in five or ten years (… if the world hasn’t ended by then) we’ll have a “leak” that will reveal the behind the scenes negotiations between reddit and the app makers. Because even as it was occurring there was a decent amount of back and forth until it became “Reddit are trying to kill me, your best friend, by charging me rates that I can’t afford”. And then all hell broke loose which led to all the “Well, fuck it, reddit doesn’t need you either” level responses.

    Which gets back to: When you approach “enshittification” from an actively antagonistic stance? There is zero benefit in providing a middle ground. If you are “literally hitler” whether you are reasonable or not and being reasonable doesn’t even properly stem the bleeding? Why bother.

    It’s why the various youtube messes have actually gone “okay”. Yes, you have people like Rossman who make it their brand to basically say “Fuck this company and I am going to actively attack them and encourage you to drop them while relying on them for income”. But the vast majority of “voices” had to take a more nuanced stance because… they need youtube to exist to make money. Which means the vast majority of Voices tended to be “Okay, this is bullshit and youtube is kind of a hellscape with ads so I am not going to blame you for running an ad blocker… even though I literally need you to watch those ads so I can make rent. Also, I get a LOT more money from youtube premium viewers. Just saying…”

    And that is why… Youtube Premium has a LOT of supporters (myself included). Because we watch a lot of youtube and can “justify” it. And youtube music is probably the second best service based on almost any metrics/feature requirements.

    Maybe I am just old and grumpy. But I remember all the various webcomics and (what we would now call) blog sites that had variants of “Please for the love of god whitelist us in your adblocker. We need those ads to pay for server expenses. We go out of our way to curate good ads and if you see a bad one, let us know and we’ll remove it from the rotation within 24 hours. But please, let us keep drawing stupid shit” that were almost universally responded to with "too hard. Adblocker on


  • That is the thing though. When you trivialize it to “they’re doing it because they can”, you aren’t approaching with good faith and are starting from an antagonistic stance. Which is a good recipe to guarantee things get even shittier because if you are going to get the exact same response for being “kind of shitty” and “punting a baby off a roof” then…

    Like, the reddit API bullshit is something that basically everyone here is aware of. And it was definitely shitty. But also understand that everyone runs adblockers, advertisements/sponsorships in general are increasingly “weird”, and people were actually spending money to pay for third party apps that blocked ads while using reddit servers/content. It is massively shitty (and part of why I “left”) but it also was a very “real” problem without a good solution.

    I think the way reddit made it clear they did not care about users and just cared about having “the content” means they can go fuck themselves. But… how the fuck does it make sense for them to provide a service that other people charge for?
  • I just use a pretty generic z-wave plug and home assistant. In the past I did more complex setups that actually determine what process is spiking and so forth. But eventually realized that “this is doing a lot of compute…” is a catch all for a LOT of potential issues.

    And I guess I don’t understand what you mean by “shouldn’t be wireless”. It is inherently going to be wireless because you will be on your phone on the other side of the planet. If you genuinely suspect you will be vulnerable to attacks of this scale then you… probably have other things to worry about.

    But as a safety blanket?


  • With my firewall disabled a lot of my internal network (including home assistant) will fall over sooner than later.

    But that is also a recipe for mass stress. Because I know “something happened”. And now I know “in six hours, I need to check in and make sure that ‘something’ is still not happening”. Which is extra shitty if I got the notification late evening local time.

    I have friends/neighbors that I trust to swing by and push a button in the event I need to bring it back up before I get home. But if I have reached the point of “it is possible my wireguard credentials were compromised?” then I really don’t need to be able to download the next episode of ATLA NOW.
  • Are you using nukex for business purposes?

    If so: You are a REAL dumbass if you are using a pirated copy for that. Because even if we assume that no contract or business partner wants to audit your software, you are one watermark away from being a massive liability for whatever project you were working on. Because if a company/production “gets caught” with the sign of pirated software? They aren’t going to be on the hook. They are going to help organize the lawsuit against you because they have a contract that you didn’t read that said all your software was legit.

    Pirate software for fun and education. Do not pirate it for business. Because you are “fine” up until you work with a company that is big enough to have to care. At which point you are radioactive because you are a massive liability to them and any other company that is big enough to have to care.