
Comment Re: The Pros and Cons? (Score 1) 123

Right, it depends on browser support. You wouldn't want the JS to have direct access to the private keys anyway. In the TPM-based scheme the TPM would just hold a master key, not one for each site. Any number of site-specific keys would be stored outside the TPM, encrypted with the master key, and loaded into the TPM temporarily to complete the challenge.

Browsers are already implementing support for WebAuthn but so far as I know it only extends to support for hardware keys. We'd need to implement a purely software-based authenticator in the browser for the client-side password scheme to work; then any site supporting WebAuthn for login (without attestation) would be able to use it automatically.

Comment Re:The Pros and Cons? (Score 4, Informative) 123

Passwords should be one-way hashed before sent to the server, so the server never handles a plain-text copy of your password.

Not sending the raw password to the server is a good start, but implemented naively this just means that the hash becomes a sort of password: anyone with the hash can authenticate, even if they don't know the password the hash was based on. A better system is to apply a password-based key derivation function to produce a public/private keypair from a single master password and some unique public information about the site, such as the domain name. Only the public part is communicated to the site. To authenticate you sign a single-use, limited-time challenge proving that you know the private half of the keypair.

One of the best things about this is that the password part isn't strictly necessary—it works equally well to have the keypairs stored in a TPM or hardware security key, and the site doesn't see any difference. The form of key management is ultimately decided by the user. Sites just need to support something like the WebAuthn standard (without mandating the remote attestation anti-feature); the rest of the UX is up to the user agent.

Comment Re:The problem (Score 1) 125

Just look up which kind of state you're in...

The bigger issue is knowing what kind of state(s) the other party (or parties) are in; generally the rules of the stricter state(s) will apply. It's simpler to just make sure that everyone consents.

P.S. If the other party says that the call may be recorded, for example with that ubiquitous "for quality assurance" message, that implies that you can record as well. All that matters is that the conversation may be recorded, not who is doing the recording.

Comment Re: Uh huh (Score 1) 346

You are attempting to deconstruct the idiomatic phrase "well regulated" by referring to the dictionary definition for the lone word "regulated". Surely you can see the error here? The phrase "well regulated" has—and more importantly had at the time this was written—its own well-understood meaning (functioning as intended) which is completely separate from how "regulated" or "to regulate" might be used on their own.

Comment Re: Uh huh (Score 1) 346

As others have pointed out to you, repeatedly, this is not merely the word "regulate" which was sometimes used to refer to government control even in the 1770s but rather the idiomatic phrase "well regulated", which is a very different matter. In "1770s English" the phrase "well regulated" was not used in reference to government control, but rather to a device or system which was functioning as intended.

Comment Re: Uh huh (Score 1) 346

It frankly doesn't matter whether you use the modern meaning of "militia" or the old meaning, because the right to keep and bear arms isn't limited to members of the militia. This subject is therefore a red herring.

The old meaning of "militia" is relevant for understanding the purpose which the authors had in mind when writing the 2nd Amendment, and which the members of the Constitutional Convention consented to in ratifying it—that's all. For that purpose the sex & gender of the members of the militia are not particularly relevant. In practice the composition of the militia is determined by Congress and can be changed through legislation; there is no need for this "living document" nonsense where the words mean just what you choose them to mean in the moment. A true living document changes over time through the amendment process, not mere reinterpretation. If you want to adopt a different meaning than that intended by those who originally ratified the amendment, propose your own revisions and put it up to a vote.

Comment Re:Would probably work on IPFS (Score 1) 88

... because who's going to pay for the hosting for these terabytes of NFTs indefinitely.

If the NFT is minted properly (unlike these so-called "NFTs" from StockX which have no metadata, much less any link to an image, much less a hash of the associated image file...) the buyer of an NFT can just save the file(s) themselves and ensure that they are made available (pinned) in IPFS when they want to sell the NFT or show it off. An IPFS URL is determined by the content, so it's only permanently broken if the content no longer exists anywhere. There is no need to rely on anyone else for hosting. Even if the IPFS network shuts down you can still use the content ID (hash) to prove that the file matches the NFT metadata; it just becomes a more manual process.

Of course if you pay good money for an NFT which just links to someone's private web page which can change or shut down at any time you probably shouldn't expect that to retain its value for long. One would hope that anyone paying a significant amount for an NFT would practice due diligence and investigate the contract & metadata, as well as the seller, before making their purchase. And of course only pay for actual on-chain transfers of ownership; StockX never transferred any of the tokens they minted to the buyers, so what they were selling was more-or-less the idea of an NFT, but without involving the NFT itself in any way.

Comment Re:Sounds expensive (Score 1) 88

To move the tokens to a "burner wallet", I assume you would need the private keys to whatever wallet they are currently in, presumably the wallets of those who have purchased the tokens.

Normally, yes, but in this case that doesn't seem like it will be a problem since—so far as I can tell—StockX only minted the tokens. They never transferred them to anyone else, so there are no other private keys involved. If you "bought" one of these tokens you weren't actually the owner registered on the Ethereum blockchain, and you couldn't trade them outside of StockX's "Vault" system where they maintain their own separate, off-chain "ownership" records. There doesn't seem to be any metadata for the tokens either, much less IPFS URLs or hashes for the images. They're just a set of unique numbers with no additional identifying characteristics. Their site doesn't even mention which token goes with which item: they just link to the generic page for the (unpublished / unverified) contract common to all their tokens.

In short, these are barely NFTs at all.

Comment Re:Would probably work on IPFS (Score 1) 88

I think in 50 years we'll still know how to verify that a given file matches a 2022 IPFS content ID, whether or not IPFS is still in operation or using that form of ID. It is unlikely that the algorithm would simply be lost. The actual means of sharing the file may differ, but it's easy to assemble an index to translate between different IDs as long as you have the original file. Some manual work may be required if the format changes but that doesn't make it completely unusable.

Comment Re:Would probably work on IPFS (Score 1) 88

but each of those servers that hold the file the hash points to could have DMCA takedown notices filed against them...

The NFT owner, or any other interested party, could just keep a copy of the file offline. An IPFS content ID (hash) is normally used to retrieve the content from the network, but it can also be used simply to verify that you have the correct data. Also, anyone with a valid copy of the file can add it back to IPFS at any point with the same CID, making it available once again to the rest of the network.

There is also the fact that this is a trademark dispute, whereas the DMCA is for copyright claims. Presumably the NFT creator took the pictures in question and holds the copyrights to them. If so, those hosting the files on IPFS would be doing so with the permission of the copyright holder; moreover, they are not directly involved in the trademark dispute as they are not the ones allegedly misusing the brand. I'm not sure what legal theory could justify going after anyone hosting the files.

The whole point of NFTs is them being unique, right, so if you are spreading an NFT image across a lot of servers aren't you defeating the point?

It's the NFT which is unique, not the image. Generally speaking the image itself is available to everyone, not just the NFT owner. This is something like the difference between cheap unsigned / unnumbered digital prints of a famous artwork and a signed & numbered original, except in this case the signature is the only difference—the images themselves are exactly the same.

Comment Re:Why would Wikipedia block his account then? (Score 1) 73

It's a reasonable response for any potentially compromised account. It's not that Wikipedia doesn't trust this editor—it's that they can't be sure any future edits are actually from him following his arrest.

When he's once again free and clearly not under duress they can take steps to reactivate the account. I.e., after Ukraine wins this war and the former governments of Russia and Belarus are no longer a threat to anyone.

Comment Re:Both sides are the same (Score 1) 91

Even if RT is pure state-sponsored propaganda—and I'm not saying that it isn't—censoring it just makes it look like The Powers That Be(TM) are trying to suppress viewpoints they don't care for and hide things from their own citizens. It makes the propaganda that does get through (and most of it will, one way or another) seem much more convincing. Far better to inoculate people against misinformation with education and critical thinking skills, and provide well-reasoned, fact-based rebuttals to counter the lies.

Comment Re:Where I live off-grid is illegal (Score 1) 239

Then one moves, and sends a nicely worded letter to the state.

Are you demolishing your current home first, or taking it with you? If you sell it to someone else—who will proceed to connect it to the grid and pay the state sales tax—like most people do when they move, I can't imagine the state or utility company being too upset to see you go.

Comment Re:So, does anybody here still trust Bitcoin? (Score 1) 126

the western crypto exchanges claims of being "decentralised and deregulated"

The exchanges have never been "decentralized" OR "deregulated". Exchanges operate at the edges of the crypto ecosystem. They are not crypto itself, just one group of users among many. Because they interface with the traditional finance system they are both centralized and highly regulated.

It will be interesting to see whether certain organizations facing increasing difficulties with traditional markets start trading goods and services for crypto directly, rather than going through any exchange. Especially now that there are more bitcoins in circulation than rubles, by purchasing power.
