I have been able to "smarten" dumb appliances by plugging them into smart power switches. For less than $8 each I bought a couple boxes of smart switches from Amazon, then reflashed them with Tasmota -- no more cloud! -- and joined them to Home Assistant. Now any device I want to be smart, I plug it into a smart switch and monitor the power.

One of my scripts monitors the power draw on my dryer, and when it goes above 100W for a minute then drops below 10W for 15 seconds, it knows the cycle is done and alerts us to go down to the basement and take out the clothes before they wrinkle. A similar script monitors the washer.

The refrigerator's plug has a script alert me when the average daily power draw is higher than normal. I added that after my son called me from his most recent vacation and said "my refrigerator is using more power than it should, can you go check it?" Sure enough, their freezer door had been left open by their toddler. Of course the food was already thawing, but we cleaned it out a week before they would have come home to a house full of rotted food stench. And before you ask, yes, when I installed Tasmota I configured the switch to be "always on", so that even if Home Assistant thinks it would be a good idea to shut off the refrigerator's power, it can't.

I also have a small water pump on a smart switch. Normally the pump draws 36W, but when it runs dry it draws 30W. Now if the power consumption drops below 33W and stays there for a few minutes, it shuts off the pump and alerts me that the water is low.

So I get what I need -- timely information about the equipment in my home, automated reactions when things go bad that might keep things from getting worse, and no cloud involvement from any sleazy appliance manufacturers. And an $8 plug is a lot cheaper than paying a $400 premium for a "smart washer".

Tuya's become a nightmare to deal with. They've decided they fear local integrations because they're losing ad revenue when people don't use the Tuya app. They have been going to progressively greater lengths to prevent device buyers from bypassing the Tuya servers and running their stuff locally.

My understanding is you can no longer register for a free Tuya developer account that lets you set it up with the "Local Tuya" integration for HomeAssistant -- you have to have a paid developer account, if it works at all. And their libraries used to flash right onto an ESP32, but now they're encouraging developers to more secure chips, in an attempt to prevent end users from reflashing their own devices with firmware (like Tasmota) that no longer communicates via Tuya services.

I wouldn't buy anything Tuya with the hopes that it will someday integrate with anything else. If you buy them, expect them only to work with the official apps.

PKIs were designed for offline use. There are a couple hundred trusted Certificate Authorities that each issue a "root" certificate. These root certificates are distributed worldwide, in browsers, operating system distros, phones, etc. When you encounter a certificate in the wild, you have to verify the certificate before accepting it, which is done by checking what you can locally: is it expired? Does its DNS name resolve to the name on the cert? Does it have a valid signature? This means checking to see if it was signed by a CA certificate that you already have in your local trust store; if so, you can accept it without going online.

Not to say that the online component of certificate validation isn't important, but it's of varying importance depending on the risk level. When online you should check for certificate revocation, which is to check to see if a previously issued certificate has since been flagged by the CA as compromised and revoked. This can be done by looking for it on a Certificate Revocation List (CRL) published by the signing authority, or by querying the authority's Online Certificate Status Protocol (OCSP) server. But it's an optional step, and can be skipped in low-risk situations (such as being offline.)

It's just a shittier version of Theranos.

FTFY.

This was an economic choice. Icons are multi-lingual, meaning manufacturers didn't have to create dashboards with knobs labeled in dozens of different languages.

I think you've brushed really close to the real issue here.

The question isn't "Why is Firefox losing users?" The real question is "Why does anyone masochistically keep using Firefox when the devs are so arrogantly and willfully contemptuous of their core clientele?" The answer is singular: Firefox is not spyware. The Mozilla team knows they can do anything they want as long as they don't start sending our browsing habits elsewhere. We're literally a captive audience because we absolutely refuse to use a browser that feeds our data to a corporation, we demand privacy- and security-focused plugins (like NoScript), we need it to be open source so we can verify it's not violating our trust, and there just aren't any good browser options left.

What makes it particularly galling is that we know they ignore their own data. Look at Pocket. How many clients use it? Let's be generous and say 5%. (Alternate answer: the inverse of how many consider it spyware.) How many clients want them to leave the UI alone? Let's be meager and say 30-50%. They must know how much we hate what they do and yet they still prioritize the stupidest new ideas in favor of listening to their users.

That said, I bailed on Firefox back when the Waterfox fork came along. For years the add-ons were the only place to restore functionality critical for safe browsing that Mozilla had inexplicably cut, such as the status bar. But Mozilla's gonna Moz, and so they killed off the old XPI add-on interface; in classic Mozilla fashion they built the new add-on interface such that it was impossible to re-add those functions with new plugins. Giving up the classic add-ons was never a good option, so when Waterfox came out it was "jump ship!" So far, Alex has done a great job of merging in patches from Firefox that address security vulnerabilities, but that's a lot of work and I don't know how long he can keep it up.

https://www.rollingstone.com/p...

If they won't boot Alex Jones for inciting an armed simpleton to enter a pizza place demanding to search the basement for Hillary's secret child sex trafficking ring, they sure as hell won't boot Trump for anything.

"Focusing on users' needs" is not what the OSM Foundation does. OSM simply hosts map data in a database. That's it. Their only software is an API into that database, plus a web viewer and a couple of web-based map editors.

OSM does not make a mobile app, or routing software, or host a traffic conditions database. They didn't even write the rendering libraries that turn the map data into the image tiles you see on their own site! They use a renderer called mapnik. All those tools that exist today were built by independent third parties.Some are open source, while others are commercial.

The field is wide open for a Waze-like company to come along and use the OSM data as their map source. A couple have even been tried; I understand there's a fairly popular one in use in Germany.

Minnesota has always had pronounced extremes of weather, from -60F (-51C) to +114F (+45C). And this wasn't simply a single ten year rise in averages - the temps have been steadily rising since my childhood (several decades ago), back when we were Zone 2B. I was just noting that the last decade has not only continued the rise; but the old extremes no longer contain the current temperature range. Given that our average annual temperature has been rising by an average of 0.776F per decade, it's not all that surprising.

Also, we should be taking into account that plant hardiness zones aren't defined by the average temperature, but by the coldest minimum temperature experienced during a winter. It's those periods of extremes that kill off the non-hardy plants and animals, and that give the native plants the chance to outlast the invaders.

This has long been a concern of mine. Our area used to be in agricultural "Zone 2", meaning we'd usually experience a few day snap of -22F winter weather. This killed off a wide variety of non-native pests, such as those that arrived here on trucks and railcars from warmer clones during the summers. After a decade of record warm winters, we've been re-classified as Zone 4 and the transient beasts never die off now. So we've now got emerald ash borers; gypsy moths; new wasps, bees, and ants; and various roaches and snakes we've never had to deal with before, They're killing vast numbers of native trees and plants.

Reread the summary above. The card numbers weren't on an "internet facing database." They were taken by malware implanted in their cash registers.

I take many similar precautions, but not all. (I have some utilities on my iPhone and will purchase on my credit card through it, but i don't do banking on it.)

One thing I also do is distrust certain certificates; generally those I recognize as having been issued by countries run by despots. For example, I'll personally never have a need to a secure connection to any site in Turkey. So why should I trust their national issuer, when their government could theoretically abuse it to issue certs valid for any domain name? While widespread issuance of fraudulent certificates would certainly result in their removal from the browser and OS trusted root certificate lists, if they abuse their power to issue very specifically targeted certificates for spying purposes, they probably wouldn't get caught.

Just because Turkey convinced Mozilla or Microsoft to trust their issuers, doesn't mean I have to.

The nice thing is that the cops are buying license packages, so there is a supervisor - the company licensing the tool is counting every phone decrypted. Once the cops open 300 phones, they have to pony up for the next batch of phones. This means they're limited by money: they won't open a phone unless there's a reasonable expectation that it'll pay off. That will significantly slow down the "let's snoop on every phone" approach.