That mitigates the problem but doesn’t solve it. If you want unlocking to be <1s and your adversary has 10k times the RAM and can take a month they can make 26 billion guesses. So unless your password is fairly high entropy it is at risk. Especially if they have more resources or more time. PINs are definitely out of the question, and simple passwords too.
If your encryption algorithm is secure, you have no use for automatic lock-out.
This isn’t true. You need your algorithm and your key to be secure. If the key needs to be remembered or entered often it probably can’t be secure. So brute force protection becomes very important.
If it’s not, automatic lockout won’t do much against an attacker with physical access to the device.
This isn’t true. Yes, with enough time and effort it is possible to extract any data from any device. But in practice physical HSMs do an excellent job at raising the cost of key extraction. I would much rather have an attacker steal my Yubikey than a USB with my GPG key lying on it.
The downside with doing encryption in software is that you can’t limit attempts. If you are using a high-entropy key this is fine. But getting users to use high-entropy keys has problems. If there is an HSM integrated into the device you can limit the potential guesses before the key is wiped which is critical without high-entropy keys.
A blog I follow recently had a good post about this: https://words.filippo.io/dispatches/secure-elements/
Of course you are still better off with a high-entropy key and software. But if you trade off too much usability in the name of security you will likely find that your users/employees just work around the security.
If your only copy of critical data is on a portable storage device you are doing so many things wrong.
Same here. I tried on the starter plan but had to upgrade. According to my account I have made 802 searches since January 4th. So 17.4 searches a day on average. This means that for a 31 day month I am looking at 620 searches.
I am also a heavy user of bookmarks and browser history. So I don’t rely on search to open specific sites (like searching for “facebook” which is one of Google’s most popular queries). So someone who is in the habit of using search for direct navigation is probably going to be a good chunk higher.
That being said I work on the computer and do a fair number of searches for my job. So I can believe that a light user is pretty comfortable at 300 searches a month. But moderate searchers or people who use the search engine for navigation will need the unlimited plan.
I am currently subscribed and it is definitely a step up from other engines I have tried. The main feature is just that it seems to somewhat cut back the general blogspam and SEO fluff. It isn’t perfect but whenever I do compare it to Google, Brave or DuckDuckGo it seems to be ahead, or in rare cases similar.
The ability to lower/block sites is also quite nice. I also have a few raised sites, but that is really a minor improvement compared to blocking crap like Quora and Pinterest.
That being said the small plan is a pretty small number of searches so I need to pay for the unlimited plan which is quite expensive. I currently think it is worth it but it is definitely borderline value, not a slam-dunk decision.
I also have concerns about them focusing on things I don’t care about. Lots of AI features and a browser. I don’t want any of that, just focus on search, there is still lots of room for improvement, even if they are currently leading the pack.
I just added the search engine to my browser. I don’t see the need for an app when all of the results are going to open in the browser anyways.
If you are relying on Docker as a security boundary you are making a mistake.
Docker isolation is good enough to keep honest people honest but isn’t good enough to keep out malicious actors. The Linux kernel API is simply too large of an attack surface to be highly secure.
If you want to run completely untrusted software you want a VM boundary at a very minimum. Ideally run it on completely separate hardware. There are few exceptions like browser isolation and gVisor which are strong software isolation without a VM but Docker or any Linux container runner is not on that list. If the software has direct access to the host kernel it shouldn’t be considered secure.
Well, passwordless. But you can put it on an encrypted partition.
For low-cost I have been using RamNode. They are a pretty established company and provide HDD options which are great if you want lots of storage at a reasonable price:
https://ramnode.com/products/vps-hosting/#massive-kvm
They also have relatively well-priced SSD, but it is obviously much more than HDD.
I think you hugely overestimate what it takes to complete and correct a few words. Maybe you would want some sort of accelerator for fine tuning but 1. You probably don’t even need fine tuning and 2. You can probably just run it on the CPU while your device is charging. But for inference modern CPUs are by far powerful enough.
While Google isn’t generally good for privacy, Gboard actually does this. IIRC they actually completely removed the sync service and your typing history is only kept on-device and in Android backup.
However it is a bit of a privacy nightmare otherwise as many of the other features phone home. But last I checked (~4 years ago, worth checking again) the core typing functionality is actually fully offline and private.
So yes, it is possible.
I don’t really have a source. It is just me thinking logically about the system and many offhand comments I have read over time. Other than the privacy policy which I have linked.
I don’t know what you mean by “the source of this concept”.
Why will I need something like that?
IIUC it is mostly to avoid placing huge load on the original package host when people download the same package hundreds of times a day in their CI workflow. It also means that Google can take control over the user experience rather than huge issues coming up every time some smaller host goes down or someone deletes an existing package version.
Overall I doubt that this proxy was added as a source of tracking. And the privacy policy on the service is pretty strict: https://proxy.golang.org/privacy. So even though I am pretty wary of Google overall I think this is actually a fairly reasonable decision by them to have enabled by default.
Just virtue signaling. It’s not about the environment. It’s about sending a message.
That is sort of an assumption when talking about a list of the best countries.
The official advisory: https://travel.gc.ca/destinations/egypt
Me too thanks.
I guess I’m gonna have to pay off as much as I can before the renewal hits.
It was sort of obvious it was too good to last though. When it made sense to pay off your mortgage as slowly as possible because you expected better returns investing that money it means that something is probably wrong.
Yeah, the AI I am lukewarm on. I’m fine having them experiment, and it does seem that they are using it tastefully. It is something that I can see improving the experience in the future even if I feel it has little to no benefit to me now.
But yes, the browser just seems like a distraction.