
Comment Re:Why? (Score 1) 345

This is great. Now I can stick in a flash drive and be USERID 0 or part of whatever group is in the sudoers file just by editing my home file... unless... in some way... I am still dependent on the equivalent of a password file... in which case one would question why this change is needed in the first place...

Comment Re:"Block" (Score 1) 95

Just because it's (mostly) encrypted, doesn't mean it's not commonplace for a service provider to sit in the middle and do the ethical.
For HTTPS, the requested server name indication is still in plaintext at the start of the flow, thus it's trivial to block HTTPS requests to wehaveawarranttoblockthissite.com
Plus many don't type the https:// themselves, so in that case a bad actor can possibly capture a visitor's authentication/session cookies (if browser is dumb or cookies were set wrong).

Comment Re:Yet another reason not to touch IoT (Score 1) 151

I set up my home like this with a DSC panel and Envisalink or whatever it's called.

The Envisalink emulates an IT100 serial interface to the panel over IP so you can interface it with your own custom software. I wrote a PHP script that would watch the zones and turn on the Insteon lights to 10% for 5 minutes when the local weather station's solar radiation index was a certain threshold.
It would also email me if the garage door was left open with no movement.

I recently looked at the code and wondered what I ate when I wrote it...

Comment Re:this is the wrong call (Score 1) 103

If the Linux default kernel options compiled in such a way that it turned your computer into a toaster, it shouldn't matter.
Pretty much every distro provides their own customized build and releases it through their own package management system.
A distro designed for use in toasters should be mindful of what features, patches and mitigations apply to them... conversely a server or desktop flavor should have specific applicable tuning. If you are running the wrong distro, that's another topic.
The job of a developer is to code with flexibility enabling or supporting the use cases of the hardware or software in its ecosystem.
Also, disabling SMT globally is probably stupid. If you are concerned about timing attack vectors from SMT in a particular application or in kernel space, you can mitigate such issues using CPU scheduling options such as isolcpus which will still allow you to set the affinity of some SMT optimized applications onto a shared core. The operating system or hypervisor should be the broker of the memory or CPU resources when you are working with a hypervisor or operating system that properly supports it.

Comment Re:Click-bait title? (Score 2) 67

I think you mean best practices. You can't just update the routing protocol and expect people to use it properly.
You can't fix incompetence by simply changing standards all the time.

Really, this attack was made possible by a whole lot of incompetence at many layers.

In the end, DNS will likely fix everything...
https://www.rfc-editor.org/rfc...

Comment Re:SMS will stick around (Score 1) 146

Since data is trivially tiered, especially when dealing with services the carriers provide in house, expect to be able to get cheap limited data plans with unlimited "Chat". Or you might find even though Chat uses data, the carrier might charge a small premium to have access onto their Chat infrastructure.

It might also be similar to how you can get an LTE phone where the operators do VoLTE, yet offer plans without data or charge you for minutes at voice rates instead of the VoLTE data rate.
