Not this bug in particular as a single bug bounty, but as an entire codebase audit that exposed multiple bugs? Sure.

Which is easier to make? The one I don't even have to make, I already have.

Which pizza is easier to make, the premade pizza that's already ready to eat and is right in front of you, or the pile of ingredients in the pantry and fridge? Uhh...the pizza in front of you ready to eat? Put it on a plate and eat, it's there, it's ready to go. And practically everyone already bought their pizza and it's already in front of them.

And no, you didn't ask which is easier to make.

> What's easier: to obtain state ID, or to sign up to a website with your preferred username and password?

Where's the word "make" in that?

> Well, suppose you were to lose your ID and/or your SIM - do you think you'd be able to renew them and regain access to your stuff in the same amount of time it's taking me to write this now?

Well, I'll end up wanting to replace that ID and SIM for once again a multitude of other reasons, so having that identifier tied to that really doesn't increase any complexity. Its really not that big of a challenge for billions of users, its something they're going to already do. When the school needs to urgently get a hold of me, they'll call my phone number not refer to me by some handle on a jabber server with a population of one. This same thing applies over and over and over and over for tons of people.

Meanwhile if I've got other accounts tied to other processes that get lost in their own unique ways, I'll have separate issues to get those unique identities recovered. Sounds like more work, not less work.

You now owe me 20,000,000,000,000,000,000EUR, but since I'm not an actual cyberstalker, I won't be chasing you down to collect. So relax. Such a useless thing to add to the conversation.

I've answered it twice. Its easier to use the thing you already have than it is to make something new. Is that really difficult to understand?

> you could've registered a brand new account with username, password, email confirmation, and OTP 2FA, on any service that supports those

And then spend the many, many, many hours to share that new unique identifier with all the people I want to talk to. Or I can just continue using the same identifier they already know me by and have known me by for decades.

> I guess you've never seen bad actors buy fake ID/SIM accounts as quickly as you can block 'em

Whaaaa I thought you just told me a phone number is such an incredibly hard and challenging thing to get, now you're telling me anyone can easily get them anytime they want?

So phone numbers are incredibly challenging to get and yet people get them all the time easily. Otherwise, if phone numbers aren't hard to get and anyone can just freely get them what are we even really debating about?

For billions of users, having a phone number as their identifier isn't a challenge and is for sure the easier process and having to make a new unique identifier is a bigger deal and introduces far more roadblocks to effectual adoption. Its why WhatsApp uses it, its why iMessage uses it, its why Telegram uses it, its why WeChat uses it, and many others.

I guess I'm only allowed to have The Masked Singer on while I make dinner.

What's easier, using a tool that's already in your hand or going to the tool store, searching for a new one, and swapping to that one? Just using the tool already in your hands, that you're already using, that you've been using for a long time.

It's exactly what you asked, just not the perspective you cared to look at.

Their shipping was pretty incredible. I'd drop one off early morning pickup at my college campus and have another DVD the next day aternoon in my mailbox sometimes. It was crazy how fast I could turn over discs.

On top of that so many other things just inherently expect one to have a phone number. It would be somewhat odd to not have a phone number for most of the people I know and talk to through platforms like Signal.

So to your question of which is easier, having the state ID and a phone number is easier because I'll already have that for a multitude of reasons.

If you live in a place where its rare to have a phone number, then yes I agree Signal probably isn't a good choice.

A service I'm using its public IP for, routing through public network connections over the public internet, but somehow its not public networking its private networking despite private networks not really being involved. Got it. Having firewall rules suddenly makes it private networking, somehow.

> remember or bookmark a port number for each service

Or just don't, because I've got quintillions of public IP addresses just lying around. I can even have multiple instances of the same service running on the same box all running the same standard port numbers because I can just grab yet another IP address all day long. Why limit myself to having to memorize weird ports when I can just use the standard ones?

Outside the home, in other words in networks other than at home. Potentially without VPNs. Accessible from other public IP addresses, potentially limited scopes of those.

It seems you're thinking that allowing the traffic from other public networks is an all or nothing thing. That either you allow all public network traffic or none of it. That's just not true. If I know my office network is one prefix, and I know my friend's house is another prefix, and I know my cellular carrier in my city is usually this prefix, I can greatly limit the scope of access. It doesn't have to be an all or nothing, either its open to every single other device or only local devices, I can define exactly which networks or devices I want to allow the traffic from or not.

If I wanted to just let my friend's network audio receiver to connect to my music server, I can add it's public ip address and allow that traffic. No VPNs, no tunnels, no proxies, no non-standard port assignments, just directly allowing it to talk to the music server. All through the public internet, but still locking down my music server to just local traffic and his remote network audio receiver.

That's all still "public" networking.

> In most parts of the world, I think, IP changes every time you restart the router, even IPv6.

Often not with IPv6, prefixes stay pretty consistent usually. Not always true, but often true. I've had the same prefix for many, many years at multiple locations and multiple providers without having any kind of payment for static IP addresses.

> So let it. Forward your own chosen port to 443 of the machine with the service.

So now I have to remember the port for local and the port for remote along with different IP addresses for both, or I can just use the normal service port and the same IP address either way, and have one DNS entry for that IP address and it works anywhere I want it to.

> But let me know how much you like it after your first cryptolocker.

Entirely a tangential, unrelated point once you understand how things like "firewalls" actually work.

> I suppose your backup storage is also public on the internet

My most important backups are offline and offsite. But for other stuff, yes, it has a publicly routable IP address. Its not generally accessible publicly though. There are these things called "firewalls", they're really quite neat. One should also think about authn/authz as well next time you're working on your storage solutions as well, it'll do a lot to prevent cryptolocker issues you're so worried about.

For instance, AWS S3 is all technically accessible publicly. Its locked down by policies, not by NAT limitations. And yet its generally seen as a very secure place to store things, assuming one has the right policies in place. It doesn't take it being behind a NAT to be secure, because if that's the major part of your security posture preventing your stuff from getting cryptolocker'd you're doing things very, very wrong.

> I use bookmarks

Ok, and you hop on someone else's computer and...where are my bookmarks? Oops! Or I want to connect back to my media server from a friend's streaming device...where are my bookmarks? Oops!

And once again I bring up things like game consoles and other P2P applications which just work far better with actual publicly routable IP addresses directly. Strict NAT configurations will often cripple these services and good luck trying to have multiple consoles operating at once. CGNAT makes online gaming for some of these consoles just completely unusable, but if we just supported IPv6 it would have no problems.

Flock's headquarters and largest offices are in Atlanta. They also have an office in Boston.

Ring's headquarters were in Santa Monica until post-acquisition they moved to Hawthorne, CA.

Arlo's offices are in Carlsbad and San Jose. Ok, finally an office in the Bay Area (one of two main offices), but still not San Francisco.

Maybe we haven't seen many products available on the market to take advantage of it because the current standard of NATs make such things practically unworkable?

Its pretty much impossible to ship smart home stuff that is hosted locally (i.e. not without it connecting to some cloud service) because people want to access these smart devices from outside their home. They're not likely to configure a VPN to connect home, they're not going to configure NATs in any workable fashion (or may be unable to, such as CGNAT), the applications probably don't want to have to handle having NAT hairpinning issues, etc.

So instead we continue down everything that's popular being something that requires a cloud proxy/relay (because that's the only way things actually work for most people), when in reality if things could just be public we could do a whole bunch more and empower people to easily host things themselves.

They're services I wish to consume outside my home

> they are NOT expecting certain ports

Damn near everything expects to be HTTPS/443

> Public means that a random guy on the internet is able to connect to your service without any prior knowledge about it

Public just means I have the option to allowing that traffic or not. I can choose to filter it through a lot of different means. IP filtering, authentication, etc.

> each of those services can have its own port

So I change having easy to remember names for weird odd ports and hope all the other applications handle these changes fine and deal with odd port forwarding issues.

> You shouldn't expose that stuff on the internet, even with a firewall. Use a VPN if you want access when you're away. Or a SSH tunnel. Or at least port knocking.

Wouldn't it be nice to have the option to not have to rely on such things and just be able to connect to things directly? And to have that identity stay consistent both in and out if the "local" network?

ipv6 is awesome.

If the capability of making a bomb is enough to allow bombing them, and every country has the capability to make a bomb, than what is the rubric again? When do we stop bombing?

As stated by the people committing the violence today and threatening massive civilian death and destruction, Iran's ability to achieve the bomb was already destroyed many months ago.

I've had game consoles with matchmaking issues with multiple consoles fighting over the same collection of ports

Very untrue. There are several providers in the US which offer 10Gbit services. Many more offer 2-5Gbit services pretty broadly. I've got friends in Kansas City with 40Gbit residential service. Sonic also offers 10Gbit in California.

Those large US cities really aren't anywhere near as dense though once you're comparing the actual MSA (US) or FUA (EU). The population densities of those actual whole areas are nowhere near the same.

For comparison relevant to this article, only 25% of the Swiss population live in single family detached houses. About 60% of US households live in single-family detached housing.

https://www.bfs.admin.ch/bfs/en/home/statistics/construction...

Zurich and Milwaukee both have ~1.5M people in their Functional Urban Area/Metropolitan Statistical Area. One has a density of ~750/km^2 and the other is ~418. Guess which is which. Or compare Lausanne to Modesto CA. Both have ~550k populations. One 637/km^2, one is 144/km^2.

Such big and dense cities we have here in the US!

Either way though, I do think its often less to do with population densities and more about political will of the local populace and regulatory capture.

I have family that lives in a pretty newly developed area in the middle of an already well-developed area with tons of homes having fiber-to-the-home. The local cable company managed to convince the builder to let only them install coax services to these homes. Now it will cost the fiber company a lot more if they want to eventually go into that neighborhood, so they haven't bothered.

You see the same thing with pole attachment rights in our cities. Incumbents shut down competition and prevent those who push for change.

https://en.wikipedia.org/wiki/History_of_the_trucking_indust...