• 21 Posts
  • 270 Comments
Joined 2 years ago
Cake day: June 14th, 2023

  • I don’t think you should be downvoted tho. Reasonable and correct opinion from a (guessing) security professional.

    The 20 year smart devices argument should be the norm, imho. We have way too much e-waste as it is. Although that would also mean that smart devices should include that in sales calculations.

    The firmware flashing before EoL brings a tear to my eye from the elegance of a solution. Also manufacturers would have to stop with other anti-consumer practices like serialization and scrubbing identity markings, otherwise reversing could be too costly.


  • The point I was trying to make, is that if the device is sold and the consumer is the one with physical access, the device should be treated as compromised. You are correct about minimizing attack surface and blast radius.

    The thermostats EOLd before the 20 or so years is more directed in breaking the trust/expectation of the consumer/client. No one reads the EULA. It’s a deep can of worms.

    You are correct that the device still works, excluding the cloud services, not denying it.



  • The article makes a presumption, that the active listening is actually sending voice data as audio. Then tries to splurdge, that “acsthually it’s other data”

    Then tries to splurdge, that they would require to download all “wanted” words as keywords, and it wouldn’t be feasible.

    Not like you would only need some words of intent “I would like to (enter 10 s of transcription)” and just hit send.

    The whole article smells of washing, and the question is directed to other people, who maybe followed the story more closely, and actually has the idea what exactly is “active listening”. Maybe someone reverse engineered it.

    Thanks for your useless comment




  • Why would you care about an insecure device connecting to your servers if the server is connected to the internet?

    Any packet can be from an attacker and your server has to deal with that regardless if the computer you’ve sold is the one attacking.

    Sounds like security through obscurity. Or some shit manufacturer says to force users to upgrade.

    You might argue it’s there to protect the user from state actors attacking during winter. Which would be fair. But they did not disclose the actual reason why they EoL’d the device as insecure, seems shady.

    Still the correct response should be returning probably half of the money for the device to any user that proves ownership, instead of this entrapment. No one buying a thermostat expects it to work for only 5-11 years.


  • Nintendo is extremely aggressive when it comes to intellectual property.

    There is an argument to be made, that IP laws are too powerful giving exclusive rights for shit ton of time (170 years or sth like that)

    The law basically is there for corporations to force small companies out of business and keep their monopolies.

    So just exercising a law written by the rich for the rich, for them to stay rich is evil. And by extension the company is evil. And by extension, not supporting the company is inherently good.







  • Interesting, although most info about cluster munitions I’ve read were tube artillery (the leaving convention part). Since tube artillery has little in path correction. (There are a few, but most of it is not)

    The countries will have to purchase or produce the ammunition, because they don’t have it stocked. Though.

    Just to be clear:

    I completely agree that fragmentation-based ammunition is much safer for everyone involved.

    I can also agree how it might have some additional effectiveness in offensiveness, just because you’re not mining your path forward at the same time.

    I also agree that such artillery might have little use against combined-arms based combat USA uses.

    But I’m yet to see proof, that it beats air released cluster munitions, when trenches or foxholes are involved. A.K.A. The Great War style warfare. (Which Russia seems to be oriented with)

    Also with current transparent battlefield, any artillery and single-use drones reign supreme. So with the new META changes it does feel that we’re arguing about nothing substantial at this point.


  • Anti personnel mines are used together with anti armor mines. They provide the crucial element of slowing de-mining by not allowing infantry (mobiks) doing that by hand. Used alone you could argue, that they are not so effective, but that works for any weaponry.

    My argument is use whatever weaponry is effective. Even if it is old technology. Would be stupid otherwise.

    Also arguing for rocket artillery to replace casual artillery is… Strange. Rocket artillery is expensive and its ammo is used up very quickly. I doubt any country can allow itself to avoid regular artillery.


  • Cluster munitions and anti-personnel mines are effective AF, seeing how the Ukrainian-Russian war is progressing.

    The countries in question will create additional factories just for these bad boys. The old stock if any is pretty much useless.

    These things are dangerous for civilians, but far less than an aggressive nation by your doorstep. Notice how all the countries border Russia?

    It is useless if you have air superiority, but only US has that, and no one believes they’ll honor article 5.