Hacker News | fullstop's comments

I went to a Catholic school and had to attend services. I thought that I was just bored, but I'm pretty sure that my yawning had more to do with elevated CO2 levels.

Ah, maybe he shouldn't have shared that. Or at least aimed for something larger than a thumb.

Having everything in RAM might also be better for security, unless you're encrypting the swap partition.

The contents of swap could be read after a power cut.


Are you really both-sides-ing this?

Yeah I am actually, I'm tired of carrying water for people who openly hate me.

Mine is Z-Wave; the next model up required an internet connection and a subscription if you wanted to access it from remote.

The HVAC guy probably thought that I was nuts for wanting the one that I got, since the price was similar. Six years later and I'm still controlling it from Z-Wave.


Couldn't they get that information by pointing a thermal camera at the house? Most windows and doors would leak enough to show this information.

Or they could watch the air conditioner fans to know if it's on.


Not having to go to the house for that specific info and being able to create a shortlist of houses beforehand would be preferable, I would think.

You would need an army of thieves going around and physically pointing thermometers and the ROI isn't there.

VS. just checking your computer once and going to the correct place. Heck, set up alerts and get notified where to break in next.


The odds of a house with a smart thermostat also containing cameras are pretty high, though.

This is probably true, though I think the most important part of planning a break-in is just ensuring people aren't there.

Sure, there are cameras and the cops can respond and that's certainly a deterrent, but a few masks and a quick getaway renders them moot.


Instead of going around pointing thermal cameras they simply have a dashboard, by neighborhoods, property taxes, maybe even incomes and all that.

Smeg actually makes a toaster. It's expensive, looks cute, and doesn't work that well when compared to a far cheaper toaster oven.

This applies to most Smeg products. Which is a shame, they used to be really good and long-lasting.

I can't speak to their quality, but every time I see their name, I wonder about how they're received in England: Americans might generally be unaware, but "smeg" as a name doesn't land well there, as I understand it.

A UK comedy called Red Dwarf used variations of smeg as a mild expletive quite liberally. When asked, some of the producers claimed they made it up to get around broadcast rules, but most people think it's a shortening of smegma.

I guess we have to get creative again.

I actually think you're right here.

Resource constraints have often helped me come up with stuff that I'm actually proud of.


Absolutely. It's why I find working on a microcontroller with 1KB of memory so much more rewarding than, say, a Raspberry Pi.

Bitwarden's response [1] is interesting.

"All issues have been addressed by Bitwarden. Seven of which have been resolved or are in active remediation by the Bitwarden team. The remaining three issues have been accepted as intentional design decisions necessary for product functionality."

They don't expand on what those three are.

1. https://bitwarden.com/blog/security-through-transparency-eth...


For clarity, one of the "Accepted" vulnerabilities is that attackers who control the Bitwarden servers can set the PBKDF iteration count to "1". They set the severity of this to "low".

They've also "accepted" a vulnerability --- BW01 from the paper, I believe --- that allows a malicious server to read all vault items from a user as soon as they accept any invitation (real or not) to an "organization".


You can see them in the report at the bottom, but I counted four. See my post above.

No matter how compromised a server gets, ideally the client should never be able to provide it unencrypted data, or data is encrypted in a way such that the server can decrypt it. It is unclear if Bitwarden has fixed this core issue or not.

Doesn't TLS pinning alleviate the DNS attack?
