If everyone has solar panels on their roof, you can still have the central grid and you can still share power from house-to-house, though.
Generally speaking, decentralized solar refers to a centralized grid that is heavily augmented with decentralized solar, not “truly decentralized” solar.
Having centralized solar doesn’t preclude a homeowner from also installing solar, and decentralized green energy has other advantages over centralized green energy.
less wasteful
Where’s the waste? If you collect more than you use, you can store it or send it back to the grid. If this is an efficiency concern (“you’re collecting less energy than the same amount of paneling would”), then it’s not really relevant as by that same logic, not having solar is “more wasteful” than having it.
The WHO recommended a minimum indoor temp of 18º C (and a max of 24º C) for health purposes (and assuming appropriate clothing) back in 1987 (and they still stand by the lower bound, though the upper is locale dependent - e.g., 21-22º in Boston vs 30º in Thailand), so I’m not surprised that dipping below that is unpleasant.
They aren’t. From a comment on https://www.reddit.com/r/ublock/comments/32mos6/ublock_vs_ublock_origin/ by u/tehdang:
For people who have stumbled into this thread while googling “ublock vs origin”. Take a look at this link:
"Chris AlJoudi [current owner of uBlock] is under fire on Reddit due to several actions in recent past:
- In a Wikipedia edit for uBlock, Chris removed all credits to Raymond [Hill, original author and owner of uBlock Origin] and added his name without any mention of the original author’s contribution.
- Chris pledged a donation with overblown details on expenses like $25 per week for web hosting.
- The activities of Chris since he took over the project are more business and advertisement oriented than development driven."
So I would recommend that you go with uBlock Origin and not uBlock. I hope this helps!
Edit: Also got this bit of information from here:
https://www.reddit.com/r/chrome/comments/32ory7/ublock_is_back_under_a_new_name/
TL;DR:
- gorhill [Raymond Hill] got tired of dozens of “my facebook isnt working plz help” issues.
- he handed the repository to chrismatic [Chris Aljioudi] while maintaining control of the extension in the Chrome webstore (by forking chrismatic’s version back to himself).
- chrismatic promptly added donate buttons and a “made with love by Chris” note.
- gorhill took exception to this and asked chrismatic to change the name so people didn’t confuse uBlock (the original, now called uBlock Origin) and uBlock (chrismatic’s version).
- Google took down gorhill’s extension. Apparently this was because of the naming issue (since technically chrismatic has control of the repo).
- gorhill renamed and rebranded his version of ublock to uBlock Origin.
Say I go to a furniture store and buy a table. It has a 5 year warranty. 2 years later, it breaks, so I call Ubersoft and ask them to honor the warranty and fix it. If they don’t, then I can file a suit against them, i.e., for breach of contract. I may not even have to file a suit, as there may be government agencies who receive and act on these complaints, like my local consumer protection division.
I’m talking about real things here. Your example is a situation where the US government agrees that a company shouldn’t be permitted to take my money and then renege on their promises. And that’s generally true of most governments.
Supposing an absence of regulations protecting consumers like me, like you’re trying to suggest in your example, then it would be reasonable to assume an absence of laws and regulations protecting the corporation from consumers like me. Absent such laws, a consumer would be free to take matters into their own hands. They could go back to Ubersoft and take a replacement table without their agreement - it wouldn’t be “stealing” because it wouldn’t be illegal. If Ubersoft were closed, the consumer could break in. If Ubersoft security tried to stop them, the consumer could retaliate - damaging Ubersoft’s property, physically attacking the owner / management / employees, etc… Ubersoft could retaliate as well, of course - nothing’s stopping them. And as a corporation, they certainly have more power than a random consumer - but at that point they would need to employ their own security forces rather than relying on the government for them.
Even if we kept laws prohibiting physical violence, the consumer is still regulated by things like copyright and IP protections, e.g., the anti-circumvention portion of the DMCA. Absent such regulations, a consumer whose software was rendered unusable or changed in a way they didn’t like could reverse engineer it, bypass DRM, host their own servers, etc… Given that you didn’t speak against those regulations, I can only infer that you are not opposed to them.
Why do you think we don’t need regulations protecting consumers but that we do need regulations restricting them?
“Supposed to” according to what?
If you’re in the US, Federal labor laws explicitly allow “meal periods” to not be paid, though short breaks must be paid. Neither is required to be offered to employees, though.
Source: https://www.dol.gov/general/topic/workhours/breaks
State laws differ, of course, and many states - e.g., California - have much more employee-friendly laws. However, even in CA, a meal period must be offered but isn’t required to be paid (unless it’s an on-duty meal break).
it’s still not a profitable venture
Source? My understanding is that Google doesn’t publish Youtube’s expenses directly but that Youtube has been responsible for 10% of Google’s revenue for the past few years (on the order of $31.5 Billion in 2023) and that it’s more likely than not profitable when looked at in isolation.
From the comments on the link someone else posted, it appears there is already a CA government-provided option:
If you are located in the US states California, Oregon, and Washington, see the MyShake app. This app is part of the USGS MyShake project.
One option I haven’t seen yet: You can set up a local file share on Windows or Linux and connect to it via the Files app.
Tons of laptops with top notch specs for 1/2 the price of a M1/2 out there
The 13” M1 MacBook Air is $700 new from Best Buy. Better specced versions are available for $600 used (buy-it-now) on eBay, but the base specced version is available for $500 or less.
What $300 or less used / $350 new laptops are you recommending here?
It’s more like paying the ticket without ever showing up in court. And at least where I live, I can do that.
The news sites can cover whatever they want. If their readers consume it, great - they’re writing to audience. Doesn’t mean we can’t criticize it when it gets posted here.
And when you’re comparing two closed source options, there are techniques available to evaluate them. Based off the results of people who have published their results from using these techniques, Apple is not as private as they claim. This is most egregious when it comes to first party apps, which is concerning. However, when it comes to using any non-Apple app, they’re much better than Google is when using any non-Google app.
There’s enough overlap in skillset that pretty much anyone performing those evaluations will likely find it trivial to configure Android to be privacy-respecting - i.e., by using GrapheneOS on a Pixel or some other custom ROM - but most users are not going to do that.
And if someone is not going to do that, Android is worse for their privacy.
It doesn’t make sense to say “iPhones are worse at respecting user privacy than Android phones” when by default and in practice for most people, the opposite is true. What we should be saying is “iPhones are better at respecting privacy by default, but if privacy is important to you, the best option is to put in a bit of extra work and install GrapheneOS on a Pixel.”
You think that Google Play Services is FOSS? Or that the version of Android on Samsung phones (as well as of most other Android phone manufacturers), including all baked in software, is FOSS?
Better than bad is still “better.”
If you’re talking about a stock Android OS on anything other than a Pixel, iOS wins in both regards. Stock on a Pixel, I don’t know that Apple is more secure, but if you’re installing apps via Google Play that use Google Play Services, iOS is certainly more private. Vs GrapheneOS on a Pixel, iOS is less private by far.
Have you looked into configuring them directly from your NVR? Or third party options? I did a quick search and saw a list of several that as far as I can tell can display Reolink streams (though I haven’t confirmed any can configure the cameras):
And some proprietary options that have native Linux builds:
Just sharing this link to another comment I made replying to you, since it addresses your calculations regarding entropy: https://ttrpg.network/comment/7142027
Ah, fair enough. I was just giving people interested in that method a resource to learn more about it.
The problem is that your method doesn’t consistently generate memorable passwords with anywhere near 77 bits of entropy.
First, the example you gave ended up being 11 characters long. For a completely random password using alphanumeric characters + punctuation, that’s 66.5 bits of entropy. Your lower bound was 8 characters, which is even worse (48 bits of entropy). And when you consider that the process will result in some letters being much more probable, particularly in certain positions, that results in a more vulnerable process. I’m not sure how much that reduces the entropy, but it would have an impact. And that’s without exploiting the fact that you’re using quoted as part of your process.
The quote selection part is the real problem. If someone knows your quote and your process, game over, as the number of remaining possibilities at that point is quite low - maybe a thousand? That’s worse than just adding a word with the dice method. So quote selection is key.
But how many quotes is a user likely to select from? My guess is that most users would be picking from a set of fewer than 7,776 quotes, but your set and my set would be different. Even so, I doubt that the set an attacker would need to discern from is higher than 470 billion quotes (the equivalent of three dice method words), and it’s certainly not 2.8 quintillion quotes (the equivalent of 5 dice method words).
If your method were used for a one-off, you could use a poorly known quote and maybe have it not be in that 470 billion quote set, but that won’t remain true at scale. It certainly wouldn’t be feasible to have a set of 2.8 quintillion quotes, which means that even a 20 character password has less than 77.5 bits of entropy.
Realistically, since the user is choosing a memorable quote, we could probably find a lot of them in a very short list - on the order of thousands at best. Even with 1 million quotes to choose from, that’s at best 30 bits of entropy. And again, user choice is a problem, as user choice doesn’t result in fully random selections.
If you’re randomly selecting from a 60 million quote database, then that’s still only 36 bits of entropy. When the database has 470 billion quotes, that’ll get you to 49 bits of entropy - but good luck ensuring that all 470 billion quotes are memorable.
There are also things you can do, at an individual level, to make dice method passwords stronger or more suitable to a purpose. You can modify the word lists, for one. You can use the other lists. When it comes to password length restrictions, you can use the EFF short list #2 and truncate words after the third character without losing entropy - meaning your 8 word password only needs to be 32 characters long, or 24 characters, if you omit word separators. You can randomly insert a symbol and a number and/or substitute them, sacrificing memorizability for a bit more entropy (mainly useful when there are short password length limits).
The dice method also has baked-in flexibility when it comes to the necessary level of entropy. If you need more than 82 bits of entropy, just add more words. If you’re okay with having less entropy, you can generate shorter passwords - 62 bits of entropy is achieved with a 6 short-word password (which can be reduced to 18 characters) and a 4 short-word password - minimum 12 characters - still has 41 bits of entropy.
With your method, you could choose longer quotes for applications you want to be more secure or shorter quotes for ones where that’s less important, but that reduces entropy overall by reducing the set of quotes you can choose from. What you’d want to do is to have a larger set of quotes for your more critical passwords. But as we already showed, unless you have an impossibly huge quote database, you can’t generate high entropy passwords with this method anyway. You could select multiple unrelated quotes, sure - two quotes selected from a list of 10 billion gives you 76.4 bits of entropy - but that’s the starting point for the much easier to memorize, much easier to generate, dice method password. You’ve also ended up with a password that’s just as long - up to 40 characters - and much harder to type.
This problem is even worse with the method that the EFF proposes, as it’ll output passphrases with an average of 42 characters, all of them alphabetic.
Yes, but as pass phrases become more common, sites restricting password length become less common. My point wasn’t that this was a problem but that many site operators felt that it was fine to cap their users’ passwords’ max entropy at lower than 77.5 bits, and few applications require more than that much entropy. (Those applications, for what it’s worth, generally use randomly generated keys rather than relying on user-generated ones.)
And, as I outlined above, you can use the truncated short words #2 list method to generate short but memorable passwords when limited in this way. My general recommendation in this situation is to use a password manager for those passwords and to generate a high entropy, completely random password for them, rather than trying to memorize them. But if you’re opposed to password managers for some reason, the dice method is still a great option.
A redirect isn’t necessary if you control the DNS servers. If you control the DNS servers, you can MITM the website for any visitor because you can prove that you own the domain to a certificate authority and generate a new, trusted HTTPS cert. (Depending on specifics this may or may not foil the anti-phishing capabilities of Passkeys / U2F.)