OK, Hans. I'll show you. Stand to your reft.
OK, Hans. I'll show you. Stand to your reft.
With open WiFi by default (!), sshd allowing root login (!!) and a pre-set fixed root password (!!!), I don't see how it'd work against local adversaries.
Local adversaries in the TOR adversary model sense, and that would of course be in the best case. Just saying that the device is practically just a L3 anonymizer VPN, but even that could be enough for some cases. This is assuming that they do not MITM HTTPS connections, or scrub even the plain HTTP, which I doubt.
This anonymizer works primarily against local adversaries. The target sites, and $deity forbid tor exit nodes, can deanonymize the traffic quite easily. In addition, it may not be plug & play in all regimes, as exemplified by the chinese tor blocks, which require manual bridge configuration.
I would also be concerned about life cycle management of such a box. Although, they could offer updates from a hidden service quite easily, as an unattended service it might cause some trust issues. Also, seeing how the tech appliance market works in most cases, I would imagine that it will not update its OS.
How strong is the key to your encfs? Where do you store the key, if not in your memory? Who has access to the encrypted blob? Does your threat model involve those people, or is it special in that sense? How generalizable do you think your solution is from the point of view of implementation difficulty and threat model uniqueness (scale 1-5)?
Bugmenot is rather interesting example, since it kind of shows that the cost of leaking a password can actually be negative (for the society).
A simpler approach is to have a few high-entropy passwords and append a value at the end that is unique to each website using some self-created rule for it that is easy for you to remember.
I would speak on how I do this but I won't for obvious reasons.
Easy for you to remember translates into easy for an attacker to guess. Whether you're adding random chars to the password string (entropy), or using your mangling rules (Kolmogorov complexity), the attacker effort to guess and your effort to remember will be the same in both cases. The other only being harder to estimate. Complex looking transformations may still have low Kolmogorov complexity, in the worst case your mangling rules can be approximated or short cutted with much simpler rules.
Except that you really cannot use a password manager for the critical accounts. Unless, it's a local one, and then its suddenly not that portable anymore. There is some promise in mobile phone based password managers, though.
With online password managers there is only your master password holding your passwords from the operator of said service, and that is in the best case when the service is implemented with client side decryption. How much entropy you can expect from a master password anyway? I would say that for most users it's around 30 bits maximum (under some near optimal password cracking entropy model). This translates to around 12 character pronounceable autogenerated password (one can only give upper limit for entropy for human generated ones). How long it takes to brute force it depends on the key derivation function, which is limited in strength by the maximum login delay.
However, you could use a password manager for the shit-tier accounts...
The repairman can do something else, if he is not actually creating value in his current profession. Sounds horrible, and it is to some extent. Pretty soon we'll discover that it will be best for everyone to just do nothing.
The supply chain for the replacement parts will have to be different from the B2B side of things. It will most likely also include a lot more human handling per unit. This all consumes resources, human labour is particularly environmentally unfriendly. Trained first world human labour even more so.
Fixing your own gear by yourself hides these cost from you, and you may even enjoy it so it does not matter. I have serviced a couple washing machines, and apart from blood everywhere because of sharp edges it is mostly fun tinkering. It is not for everyone. People tend to buy new washing machines when the drain pump gets clogged. That is still more about the people being less informed, rather than any conspiracy by the device manufacturers.
The obsession about major appliances is pretty much your own if you read back. Planned obsolescence is not usually even a phenomenon for those things. Still, many people could do with less well built ovens. It is quite hard to build those to fail, though. Majority of the things that people buy are small and dispensable. If majority does not mean the greater number of things, then my language skills have failed me severely and I apologize.
You didn't answer the question. Who do you know that collects major appliances they don't use? I'll accept saw a silly season news article about as know.
What is a major appliance to you might not be major to everyone else. There are people who use bread machine daily, and others who just stuck it in a kitchen drawer after buying it. You don't know anyone who uses his/her oven approximately once a year to burn a pizza to a charcoal?
You aren't thinking things through. For an example, the most common failure on washing machines is the clutch for the spin cycle. No matter how new the math, it will always be cheaper to ship a clutch to the local store than to ship a whole new washing machine.
There is no case where shipping part of an appliance costs more than shipping the whole thing.
Unless the other has a different unit cost because of, for example, individual handling. Or the distance that they travel is not the same because they have a different warehouse topology (being different items and all).
Go to the home depot. See the 2 dozen complete washing machines on display? Those are made of parts. They generally have more of them in the back or at least at a regional warehouse, ready for next day delivery to your home. It certainly wouldn't cost any more to keep all those parts exactly where they are kept now but in un-assembled form.
Furthermore, if the parts are reasonably standardized, they would need less on hand than they keep now.
And who would buy a un-assembled washing machine? Standardization is nice, until it limits your design choices too much or drives unit costs up for large series.
A first world repairman is NOT more resources than a first world unemployed man.
Broken window fallacy.
For instance, it can be logistically more efficient to manufacture more weak products instead of distributing massive amount of spare parts.
Yes, I can send a single penny to a friend in California. But that penny goes with a plane load of other items.
So, you throw the penny into a bypassing plane which goes to California where the penny drops inside your friends pocket? No individual handling required, just mass transport. No storage facilities, everything works in sync. It's almost like we would be living in a dream world.
All this time I have been a fool who assumes that logistics includes a lot more stuff. But apparently mass transport is everything that is needed to get the crude resources, shaped into a thing on the way, to hands that need it.
Who do you know that collects dishwashers, clothes washers and driers, water heaters or ovens?
There are loads of people who buy stuff that they use only once or twice. I've seen a lot of kitchen appliances that just gather dust. I too have a lot of things that I thought I needed but actually don't. Yet, the belief that I might need them in the future keeps me from selling them (perhaps erroneously). Who is the best person to decide which purchases are useless?
If the local hardware store stocked the replacement parts, the waiting time for repair would be shorter than the time to get a new one delivered.
Indeed it would. They would probably also be out of business quite soon.
If your argument were even remotely sensible, then the repair shop would be less efficient and would take up more space then the dealership.
When your car breaks up how long it will take for it to be repaired? Usually it is something like a week or two. The queue (receive buffer) of the repairm[ea]n, and the shipping of the necessary parts are needed because of the decentralization. With luck these happen in parallel. Your quality of experience will suffer compared to buying a new car that is already at the dealership and ready to go. Yet, repairing the car might be a reasonable trade-off, since the cost of replacing a car is high (the market for cars is not efficient).
Of course you can augment the repair shop with rental cars. But then you have moved an inch away from the fix-it-all utopia towards a replacement culture.
If the replacement cost would be approximately the same as the repair, it would be more tempting to just switch cars. For example, my personal car is a 500€ PoS, which I'll happily change once the first of the expensive parts with accumulated uncertainty will break down. When I bought the car I had the option between owning a cheaper one and not owning any car at all. Any regulation that would have guaranteed a longer life for the car would have made it more expensive. If the car breaks down, it will not cause only a slight inconvenience, so the risk is not a problem for me. Why shouldn't I be allowed to make my own decisions?
Spare parts take fewer resources to produce then building a whole new thing.
As to distributing massive amount of spare parts... why so massive?
If you are planning on fixing things on demand, you have to have a massive supply of spare parts. Some of those spare parts will end up being unused. The alternative is to ship them on demand, but that tends to cost more. With logistics there is no free lunch. You pay either in time or cost (environmental or monetary). Like the price of a used item is usually less than the sum of its parts, because of accumulated risk of something breaking.
Think about the numbers, you have around twenty everyday objects, and each of those includes many parts that are unique to a specific model. You are not alone in this world, so the next guy has his own set of stuff that will break unpredictably. Instead of having twenty items on sale, a repair shop has to have 20*a*b items. This could change with 3D printing but I digress.
You should get competition between companies to produce better longer lasting spare parts.
Buy our product, it lasts twice as long. etc.
Yes, precisely as they compete now with longevity instead of features.
There is no comparison between spare parts and replacing the whole thing.
Spare parts will always have a lower debt on the environment then replacing the whole thing every time some little part wears out.
Lower debt, if you discount the lower QoE, and the difference in labor costs. Add to the fact that a first world repairman will consume a lot more resources than many third world factory workers.
How can you possibly think that replacing a whole machine has a lower environmental debt then replacing a tiny piece of that machine?
Because that is how the market is organized currently. The market is good at optimizing resource usage.
What you're almost literally saying is that 1 can be a larger number then 1000.
No it can't.
1 is less then 1000. What you said is actually just making me angry with how wrong it is... I have a strong urge to rage and flame you because its so frustrating to hear an argument that is so obviously wrong.
Stop with that strawman. You are angry because the argument goes against your opinionated truism.
Can it be cheaper to replace a whole thing rather then a spare part? Yes. But that is because the machines are built poorly to accept maintenance. The parts are often welded or sodered together rather then fitted modularly. Furthermore, even accessing the interior of most machines is difficult because they're not built to be taken apart.
Change that as well as standardizing internal parts and labeling each and every little bit so that you can buy JUST that bit if you need it. And then you can take the machine apart easily, find the broken bit, buy just that, and fix it.
Or if you're not the handy sort, there will be a lot of local shops that will do it for you. Drop off your broken machine and pick it up in an hour good as new.
Fascist daydream of government approved devices. There is sense in fixing things, and regulations that would make things last longer but it will not work for everything. I would think that empowering the consumer to have better rights could be a better option.
"Here's something to think about: How come you never see a headline like `Psychic Wins Lottery.'" -- Comedian Jay Leno