Passkey has an attestation feature, so that you can require a passkey comes from a known vendor. I've see the option to require it in cloud security configuration. https://developers.yubico.com/...

Does the car not allow him to specify a maximum charge rate? For overnight charging you really shouldn't need to charge at anywhere near 60A.

The end-to-end efficiency of hydrogen cars (25-35%) it terrible compared to battery electric (70-90%).

https://insideevs.com/news/406...

Home charging needs to become ubiquitous. Once people are use to it they won't want to go to a gas station or equivalent unless they have to, like on long trips.

It wasn't just a few bad certs, there was a whole set of issues. Here is Mozilla's list: https://wiki.mozilla.org/CA:Wo...

Check out issue N, it is particularly bad.

You are not understanding the nature of the attack. You statements are only true if there is no better attack on the encryption algorithm than brute force. Unfortunately that is exactly what this is. Go read up on ciphertext attacks.

I don't think we should cede the rhetorical battle by letting them call it "header enrichment."

I say we call it "tracking injection."

It would be interesting to see what would happen if you browsed a website with Content Security Policy headers on a Comcast public Wi-Fi hotspot.

The technology is new enough that the injection technology might not handle it and thus the browser would block the ad. But if they did, by changing the CSP headers, the website might have a stronger case for suing Comcast since they would be explicitly bypassing a security technology.

Here is a good rebuttal article: http://www.intactamerica.org/aap2012_response

Are you familiar with the discussion around Full disclosure? There are good reasons to publicly release vulnerabilities and if people were made legally liable for doing that, it would probably decrease our security in the long run. Assuming the information Renderman released points to an actual vulnerability, the FAA response shows the exact reason why full disclosure is necessary.

Except that the source code does not seem to actually be available. The download page that is linked from the license page does not say anything about source code except how it is licensed. Looking at the source of the page shows a commented out section that talks about how to get the source code and links here. However the link to the source code on that page is dead.

Also, the license has an exception for the GPC code, which is free for non-commercial use only. Admittedly, I don't know how much functionality it enables in Paint.Net.

So I would say an MIT license without any actual source code available is less than free.