The car will still work if you take the radio out or put a faraday cage around it, maybe that’ll become a thing in the future, but that might fuck with the paid charging infrastructure for EVs. Doesn’t impact gas.

You should watch - Leave the World Behind

You might be right, but I don’t think it’ll be because their cars are the easiest to hack, it’ll be because they have the most cars out there capable of doing this and it’d be more impactful attack if successful.

(edit: Also they’d be able to exert the most control on their cars with the software/sensors available today at scale. E.g they could more easily have the car drive around until it finds a pedestrian to hit)

(edit: Further, you can make the most changes to a Tesla as they have one of the more (or probably most) advanced OTA update capabilities)

They are definitely a prime target.

I know the majority of you hate Tesla, but security is something they do take more seriously. They even take part in pwn2own to help find vulnerabilities.

All auto manufacturers should be taking part in that.

Nothing like winning a car to get people to try and break into it publicly.

Edit: Also details on the 2025 event in January just recently announced. https://www.zerodayinitiative.com/blog/2024/9/23/announcing-pwn2own-automotive-for-2025

Oh, well that’s a great warning. Glad they put that there.

And ya I already use signal.

Not that I DMd people, but I don’t think I knew that, so that’s good to know.

But also don’t mistake a not for profit as not being able to do something to aquire money to help pay for itself or the salaries of it’s people. They could absolutely be looking for ways to monetize this to a certain extent. A not for profit is not a charity.

I worked at a company that handled sensitive data and we always had to pay special attention to logs in code reviews to make sure someone wasn’t inadvertently logging something that could potentially be private.

What makes you so sure that the person hosting your instance isn’t monetizing it or trying to find a way to monetize it in the background?

Maybe they’re selling all these posts and DMs to OpenAI?

The pop up is slightly delayed as well, and I think its very intentional so you turn it on and then start doing an action and select something, only to select the update.

20 character all lowercase is very secure as long as its random words / letters that would make it unguessable by knowing you.

Edit: you could also prefix it if you think you’d have to read it

“This question is stupid fuck nuts house gravel neptune cow.”

The entity knows people will follow what they say for minimums. There’s already someone in the comment section saying they’re now fighting what these lax rules allow.

Edit: stupid product managers will jump at anything that makes it easier for their users and dropping it to 8, no special characters, and no resets is the new thing now.

But they mess that up with their 8 char rule

Verifiers and CSPs SHALL require passwords to be a minimum of eight characters in length and SHOULD require passwords to be a minimum of 15 characters in length.

I’d they’d just said shall require 15 but not require special chars then that’s okay, but they didn’t.

Then you end up with the typical shitty manager who sees this, and says they recommend 8 and no special chars, and that’s what it becomes.

I think it’s pretty idiotic to

Verifiers and CSPs SHALL NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords.

They might mean well, but the reason we require a special character and number is to ensure the amount of possible characters are increased.

If a website doesn’t enforce it, people are just going to do a password like password

password is a totally valid password under this rule. Any 8 letter word is valid. hopsital for example.

These passwords can be cracked in seconds under 10 minutes, and have their hashes checked for in leaks in no time if the salt is also exposed in the hack.

Edit: Below

Numbers from a calculator with 8 characters using sha2 (ignoring that crackers will try obvious fill ins like 0 for o and words before random characters, this is just for example)

hospital 5m 23s

Hospital 10m 47s

Hospita! 39m 12s

Moving beyond 8

Hospita!r - 19h 49m

Hospita!ro 3w 4d

Hospita!roo 2y 1m

Hospita!room 66 years

The suggestion of multiple random words makes not needing the characters but you have to enforce a longer limit then, not 8.

At least with 11 characters with upper case and special characters if it was all random you get about 2 years after a breach to do something instead of mere weeks. If it was 11 characters all lower case nothing special you’d only get 2 months and we are rarely notified that fast.

what is wrong with this world, wow.

Well I know all transactions have fees, I meant a fee charged as a commission to transfer it that goes to the developer.

Wallets get compromised, you might upgrade to a multi sig wallet or make a new shamirs secret sharing wallet. You might want to get more privacy after leaking your identity. All sorts of reasons to change it. Having to pay an extra 4% resale fee or whatever it is doing that wouldn’t be acceptable.

How can they force that and not also force a fee to move it to a different wallet you own?

People change wallets all the time and putting a fee on that would be inexcusable

If it’s a networked game, but there’s no reason a offline game shouldn’t work other than incompetence.

Also since the NFT is the DRM the game could be available for download outside of the publishers purview, such as a public torrent site.

You could sell the NFT and lose access to the game just like a disc

You wouldn’t be able to modify it as the nft would just allow you to download (edit and run) the game.

Edit: But allowing people to freely resale their digital copies would be a big win for people. No gatekeepers just like with discs

Alternative Facts, not disinformation.

In less than a day of training, both participants broke the record of all previous implants for a game which tests your ability to select items In a grid

Today, Nolan would probably beat you at that game even with you practicing for (edit quite) a bit.

Hate the man if you want but this isn’t the same tech that anyone can get and use that’s 50y old.

// I told them I'd do this but only if they gave me time next sprint to fix it  - 12-03-1997