To do a supply-chain attack on Google's SDK would be much more expensive and less likely to succeed. Google isn't going to be the attacker.

The recent attack on AMI/Gigabyte's ME shows how a zero-day can bootkit a UEFI server quite easily.

There are newer Coreboot boards than Opteron, though. Some embedded-oriented BIOS'es let you fuse out the ME. You are warned this is permanent and irreversible.

F-Droid likely has upgrade options even in the all-open scenario.

It's really sad to see desktop apps adopt hamburger menus and things that make sense on mobile but make life harder on a desktop built for WIMP.

Thank you, Bill! Some days I'd rather be using your interface.

I wonder if they offer their customers source to keep the Busybox folks happy?

These are, of course, opportunistic targets and specific targets. Moving the ssh port helps with the former, but not the latter.

There is some economic cost with portscanning everything, but the bigger impact is that if you moved your ssh port you're more likely to also have turned off password auth and more likely to be running fail2ban and more likely to be running an IDS. Spammers don't want to deal with you making their livelihood more difficult. Poor spammers.

People who see brute force attacks chasing their port moves are probably specific targets. Ears up.

So you have to charge $1000 + ($40 * % of users who return + cushion) for the product. That means non-Stripe businesses can start to out-compete you on cost.

What makes it so that Stripe has such a unique position and can impact your costs and competitiveness to such a large degree?

> A small flat fee to cover network expenses would be more appropriate

That sure seems like the solution a free market in processing would settle on. Something is up.

Attack real problems on all flanks, but I don't think you can get an affirmative from Legal.

Do you have cryptographers on staff? The "technology as a contract" approach is to implement a homomorphic encryption technique to do your cross-site correlation without being able to unmask the individual who is using multiple sites.

That way you don't have to trust your users, customers, sysadmins, big-data people, LEO, OR creditors. Keep it as secret sauce, or even better, drop an open-source library on github to advance the state of privacy. I would like to be able to ask vendors, "why AREN'T you protecting users' privacy this way?".

"Document ID: 20190030475 Quantum Supremacy Using a Programmable Superconducting Processor The tantalizing promise of quantum computers is that certain computational tasks might be executed exponentially faster on a quantum processor than on a classical processor. A fundamental challenge is to build a high-fidelity processor capable of running quantum algorithms in an exponentially large computational space. Here, we report using a processor with programmable superconducting qubits to create quantum states on 53 qubits, occupying a state space 2(exp53) ~ 10(exp16). Measurements from repeated experiments sample the corresponding probability distribution, which we verify using classical simulations. While our processor takes about 200 seconds to sample one instance of the quantum circuit 1 million times, a state-of-the-art supercomputer would require approximately 10,000 years to perform the equivalent task. This dramatic speedup relative to all known classical algorithms provides an experimental realization of quantum supremacy on a computational task and heralds the advent of a much-anticipated computing paradigm. 20190801 August 2019 Copyright, Public use permitted Unclassified, Unlimited, Publicly available http://hdl.handle.net/2060/20190030475 CASI application/pdf Mandra, Salvatore Rieffel, Eleanor G. Biswas, Rupak ARC-E-DAA-TN71198 NASA/TP-2019-220319 Computer Systems"

Happily provided by Google. ;)

https://webcache.googleusercontent.com/search?q=cache:Ig1-Fl...

It's hard to believe they actually did the pre-auth - anybody here at PayPal reading this?