• 0 Posts
  • 20 Comments
Joined 1 year ago
Cake day: August 17th, 2023


  • At the risk of sounding snarky, why is this a deal breaker? I can recover both bitwarden and my email if I was ever in a situation where I forgot one or both passwords. It also only occurs in a situation where you are signing into devices that you’ve never logged in to or purposely logged out of. I do use 2FA, but even if I did not it sounds like a lot of complaining about a situation that you should already be prepared for. Bitwarden could easily go down or your password vault could be corrupted or (at worst) your vault compromised and passwords stolen. Make plans for such situations and you’ll realize this is mostly a knee-jerk reaction to a non-issue.



  • I don’t live in NY but as I understand it, they had to offer this service to every qualified individual. They most likely didn’t have the option to only support certain or just existing customers.

    Think of it this way: Had ATT the option to exclude, they would have, and abused it as much as possible. They can’t, so either they follow the law or take their business elsewhere. Leaving paves the path for another company or cooperative who does want to follow the new laws, rather than having ATT undermine at every opportunity. It hurts in the short term, but in the long term it helps. NY isn’t the first place to chase big telecom out.



  • I’ve also been involved in something similar. It costs a lot to expand infrastructure. Part of my job would be to plan and explain the costs associated with that. Wireless still needs a wired connection, and wireless still has connection limitations. You can’t just add more users and expect things to work. And you can’t just plop another receiver without it interfering with the others. It needs to be properly planned and something as simple as a building’s signal reflectivity can mess an entire project up. More towers, more equipment, more redundancy, more personnel, more cables, more power, and forking over all the money to do all this within the time limit or face fines is a huge task. And that’s assuming it could even work on a technical level; sometimes you just can’t do things (don’t want to interfere with FAA requirements and such) and people don’t understand.

    I hate ATT too, but from a purely financial and planning point of view, I’ve been there. You can’t just snap some fingers and make things happen just like that.


  • This sounds very much like what I read about how pilots on the front line rest. They would spend a lot of time in the air, and anytime there was downtime you took it. Some kind of research went into it and they came up with an entire process that would involve relaxing your body from head to toe, and then visualizing yourself somewhere else, like a boat in a lake or relaxing on a hillside. If you fail, you do the whole thing over. With enough training your mind becomes very adaptive and you can fall asleep faster and in highly disruptive environments. I believe it also had roots in meditation, where the more you do it the easier it gets.



  • Pretty much, the only caveat I’d add is the assumption of ‘right of way’. You can have situations where road conditions were unusual but drivers are not certain of all the conditions. The involved parties can all assume they have the ‘right of way’, when in reality the best option would have been for everyone to yield until conditions ARE certain.

    I’ll give a personal example: I once came upon an accident on a bridge, and the cop cars were already on the scene. It was night, raining hard and the cop cars were facing the oncoming lane with headlights set to high. I couldn’t see anything past the cop cars, so I slowed down from 50 to 25. As I passed, I briefly saw a shadow of a person and heard them say “SLOW DOWN”. I still have no idea how close I was to hitting them, but they must have been very close for me to hear them through the rain and sirens. I should have gone much, much slower, maybe even stopped. Fortunately, nothing bad happened, but I had assumed that since the one lane was open that it was ok to use. I don’t know why the cop cars oriented themselves in a way to blind oncoming drivers, but had something happened, the fault would have ultimately been mine regardless.

    Another example is parking lots; so many accidents occur at busy locations. People forget how you are not supposed to block ingress (to prevent traffic backing up into the street and making things worse) and get road rage because they can’t leave. I’ve seen people try to “squeeze in” and end up blocking an entire lot because they can’t move. One side will say “zipper” (i.e. “my turn for RoW”), the other will say “right of way”, and parking lots are notorious for not having any signs.

    Edit: and of course, old ladies who think blinkers give them RoW

    Edit2: an example for cops: blowing through red lights without making sure intersections are clear. To be fair, everyone should yield to a cop car in the performance of their duties, but this doesn’t mean cop cars get a free pass for RoW and can plow through at full speed, damn the consequences. They still have to keep the safety of others in mind and yield if required.

    Edit3: because I’ve had the discussion before. Yes, it’s semantics. RoW and FTY are the same thing. I’m only saying the phrase is being sunsetted; no Judge wants to hear someone say RoW. Some laws even use them together as “Failure to Yield Right of Way”. The goal is to prevent the mindset of entitlement, to make sure the clarity of safeguards remains in place.



  • A note, not all states operate this way, but the concept of ‘right of way’ is going away. Judges do not like the idea of someone feeling privileged enough to make a situation worse. In general, they want to implement fail-safes and not fail-unsafe situations.

    Edit: To add - we’ve actually had this for a while, it’s called ‘failure to yield’. The switch is actually being more driven by emergency services making things worse, which is kind of relieving given the general sentiment. Unfortunately it’s just another phrase for the same thing, semantics…but if you do go to court, you’re better off presenting who failed vs who is entitled.



  • asmoranomar@lemmy.world to Technology@lemmy.world: *Permanently Deleted* (English; 12 up, 2 down; edited, 5 months ago)

    Pagers are not guaranteed to be 1-way comms and bringing them into secure locations is a security violation. Additionally, depending on the classification, no unauthorized and undisclosed devices of any kind would be permitted, including any electronics or electronic media such as tapes, CDs, discs, etc. Even when I was issued a verified 1-way pager, I was specifically briefed I was not permitted to bring it into a classified location. Most of the highly classified SCIFs are shielded anyway; you can’t use it inside so it’s safer to leave it out, along with all other devices.

    If your organization allows it, then (if federal) they are breaking the law and should be reported/up-channeled. If it’s corpo, you should bring up additional concerns with your security team.

    Edit: Also, it goes without saying, current events are probably a good reason why pagers (and other devices) aren’t allowed in classified areas. While most focus on disclosure (getting out), we must not forget the risk of data/operations getting destroyed.



  • Close, but you are still trusting the device you own. If I were to compromise that device, I could capture that key and use it. Again, this is my limited understanding, but a zero trust solution works in such a way that the actual keys are not stored anywhere. During setup, new temporary keys are generated. A keypass binds to the temporary key for use of authentication. The temporary key can be revoked at any time for any reason, whether it’s due to a breach or routine policies. It can be as aggressive as it needs, and the implication is that if someone else (either you or an attacker) got issued a new temporary key then the other would not receive it. Using an incorrect temporary key would force an initialization again, using the actual keys that aren’t stored anywhere.

    The initialization process should be done in a high trust environment, ideally in person with many forms of vetting. But obviously this doesn’t take place online, so there is the risk that your device is not trusted. This is why the process falls back on other established processes, like 2FA, biometrics, or using another trusted device. How this is done is up to the organization and not too important.

    But don’t get too hooked on the nuances of passwords, keys, passkeys, etc. The entire purpose is to limit trust, so that if any part of the process is compromised, there is nothing of value to share.

    Disclosure: Worked in military and this seems to be a consumer implementation of public/private key systems using vector set algorithms that generate session keys, but without the specialized hardware. It’s obviously different, but has a lot of parallels; the idea in this case is that the hardware binds to the private/public keys and generates temporary session keys to each unique device it communicates with, and all devices can talk with members of its own vector set. Capturing a session key is useless as it’s constantly being updated, and the actual keys are stored on a loading device (which is subsequently destroyed afterwards, ensuring the actual key doesn’t exist anywhere and is non-recoverable, but that’s another thing altogether). My understanding of passkey systems is solely based on this observation, and I have not actually implemented such a solution myself.


  • From my understanding it’s the concept of trust. Basic passwords are complete trust that both ends are who they say they are, on a device that is trusted, and passing the password over the wire is sufficient and nobody else tries to violate that trust. Different types of techniques over time have been designed to reduce that level of trust and at a fundamental level, passkeys are zero trust. This means you don’t even trust your own device (except during the initial setup) and the passkey you use can only be used on that particular device, by a particular user, with a particular provider, for a particular service, on their particular hardware…etc. If at any point trust is broken, authentication fails.

    Remember, this is ELI5, the whole thing is more complex. It’s all about trust. HOW this is done and what to do when it fails is way beyond ELI5. Again, this is from my own understanding, and the analogy of hardware passwords isn’t too far off.
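Both this comment and the earlier one on passkeys describe the same two properties: the key is bound to one device and one service, and anything an attacker captures in transit is useless on its own. The Go program below is an added example written for this page, not code from either commenter and not any real passkey implementation. It sketches a simplified challenge-response flow in the spirit of WebAuthn (the real protocol's message encodings, attestation and user-verification steps are left out), using Go's standard-library ECDSA and constructed names (`example.com`, the look-alike `examp1e.com`, user `alice`). It shows a genuine login succeeding, a replayed assertion being rejected because the challenge is single-use, and a look-alike site getting no signature at all because the device holds no key for that relying party.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Authenticator models the user's device: one key pair per relying party ID (rpID).
// Private keys never leave this struct; only signatures do.
type Authenticator struct{ keys map[string]*ecdsa.PrivateKey }

// Register creates a key pair scoped to rpID and returns only the public half.
func (a *Authenticator) Register(rpID string) *ecdsa.PublicKey {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { panic(err) } // no usable randomness: refuse to continue
	a.keys[rpID] = priv
	return &priv.PublicKey
}

// Assertion is what crosses the wire: challenge, the origin the client saw, and a signature.
type Assertion struct {
	RPID, Origin         string
	Challenge, Signature []byte
}

// signedMessage ties rpID, origin and challenge together so a signature fits only that combination.
func signedMessage(rpID, origin string, challenge []byte) []byte {
	sum := sha256.Sum256([]byte(rpID + "\x00" + origin + "\x00" + string(challenge)))
	return sum[:]
}

// Authenticate signs a challenge with the key bound to rpID. A look-alike domain
// has no matching key on the device, so there is nothing to sign with.
func (a *Authenticator) Authenticate(rpID, origin string, challenge []byte) (*Assertion, error) {
	priv, ok := a.keys[rpID]
	if !ok {
		return nil, errors.New("no credential registered for this relying party")
	}
	sig, err := ecdsa.SignASN1(rand.Reader, priv, signedMessage(rpID, origin, challenge))
	if err != nil { return nil, err }
	return &Assertion{RPID: rpID, Origin: origin, Challenge: challenge, Signature: sig}, nil
}

// RelyingParty models the service: public keys per user plus outstanding single-use challenges.
type RelyingParty struct {
	ID, Origin string
	pubKeys    map[string]*ecdsa.PublicKey
	challenges map[string]bool
}

// IssueChallenge returns a random nonce that Verify will accept exactly once.
func (rp *RelyingParty) IssueChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil { panic(err) }
	rp.challenges[string(c)] = true
	return c
}

// Verify consumes the challenge, checks origin and rpID, then checks the signature.
func (rp *RelyingParty) Verify(user string, as *Assertion) error {
	if !rp.challenges[string(as.Challenge)] {
		return errors.New("unknown or already-used challenge (replay?)")
	}
	delete(rp.challenges, string(as.Challenge))
	if as.RPID != rp.ID || as.Origin != rp.Origin {
		return errors.New("assertion was made for a different site")
	}
	pub, ok := rp.pubKeys[user]
	if !ok || !ecdsa.VerifyASN1(pub, signedMessage(as.RPID, as.Origin, as.Challenge), as.Signature) {
		return errors.New("signature does not verify for this user")
	}
	return nil
}

// Demo enrols once, then tries a genuine login, a replay of the captured assertion,
// and a login from a look-alike domain; it returns the three verification results.
func Demo() (genuine, replay, lookalike error) {
	dev := &Authenticator{keys: map[string]*ecdsa.PrivateKey{}}
	rp := &RelyingParty{ID: "example.com", Origin: "https://example.com",
		pubKeys: map[string]*ecdsa.PublicKey{}, challenges: map[string]bool{}}
	rp.pubKeys["alice"] = dev.Register(rp.ID) // enrolment stores only the public key

	as, err := dev.Authenticate(rp.ID, rp.Origin, rp.IssueChallenge())
	if err != nil { panic(err) }
	genuine = rp.Verify("alice", as)
	replay = rp.Verify("alice", as) // the same bytes sent again: the challenge is spent
	// Constructed look-alike domain: the device holds no key for it and refuses to sign.
	_, lookalike = dev.Authenticate("examp1e.com", "https://examp1e.com", rp.IssueChallenge())
	return genuine, replay, lookalike
}

func main() {
	g, r, l := Demo()
	fmt.Println("genuine:", g, "| replay:", r, "| look-alike:", l)
}
```

Running it prints `<nil>` for the genuine login and an error for each of the other two. The design choice worth noting is where the checks live: the device refuses to sign for an rpID it never registered, and the service independently rejects a spent challenge or a mismatched origin, so neither side has to trust the other to get the rejection right.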