The president won [the] popular vote
Only if you ignore the huge amounts of voter suppression. If you don’t, then he lost the popular vote and the electoral vote - netting 45.8% of the popular vote to Kamala’s 52.7%, and he earned at most (and probably less than) 252 electoral votes to Kamala’s 286.
If you’re in the US, automatic is fine. Manuals make up like 1 percent of new cars and maybe 4% of used cars here. It doesn’t hurt to know how to drive one, but it doesn’t benefit you much, either. I drove a manual once, but it was a rental in another country. I’ve never been faced with needing to - or even having the opportunity to - drive a manual in the US.
However, learning on a manual does make it easier to understand certain ways of how cars work, even on automatics (less so on CVTs), so if you like understanding things more, I recommend manual even in the US. You can still get that understanding driving automatics, though - just a bit more effort.
Outside the US, most places I know of manual is the default. If manuals make up even 30 percent or so of cars where you live, I strongly suggest learning to drive one.
I can’t guess where your interests lie
OP does say they have a boyfriend
Even with an HOA, you can still end up needing to pay tens of thousands for surprise repairs in the forms of special assessments, especially if the HOA is poorly managed.
Why specifically do you want to be a trans man online?
I attended a 1-on-1 meeting that a billionaire scheduled with me but that they themselves did not attend.
Under notes, where you said my name, did you mean “Hedgedoc?”
If your recommend protein intake is 70 grams per day (meaning you weigh about 195 pounds / 87 kg) and you’re only getting 20 grams per day, then you are likely already experiencing health issues.
From https://www.verywellhealth.com/protein-deficiency-symptoms-8756264 you could expect to experience:
Not all of those are immediately noticeable.
However, I’m with the other commenter who said that they think it’s likely that you’re under-estimating your daily protein intake. What method did you use for tracking and calculating it?
local docker hub proxy
Do you mean a Docker container registry? If so, here are a couple options:
At that point, you could say “male characters.”
A paid skillful engineer, who doesn’t think it’s important to make that sort of a change and who knows how the system works, will know that, if success is judged solely by “does it work?” then the effort is doomed for failure. Such an engineer will push to have the requirements written clearly and explicitly - “how does it function?” rather than “what are the results?” - which means that unless the person writing the requirements actually understands the solution, said solution will end up having its requirements written such that even if it’s defeated instantly, it will count as a success. It met the specifications, after all.
You can self-host Bitwarden, too. My understanding is that VaultWarden is much simpler to self-host, though. Note that VaultWarden isn’t a “fork”; it’s a compatible rewrite in Rust (Bitwarden’s codebase, by contrast, is primarily C#).
I also use Bitwarden and strongly prefer it over every other password manager I’ve tried or investigated, for what that’s worth. I’d recommend it to 99% of non-enterprise users (it’s probably great for enterprise use as well, TBF).
The only use case I wouldn’t recommend it for is when you don’t want your passwords stored in the cloud, in which case KeePass is the way to go. To be clear, that recommendation does not apply if you’re syncing your vault with a cloud storage provider - even one you’re hosting, like SyncThing - even if your vault is encrypted. At that point just use Bitwarden or VaultWarden, because they’re at least audited with your use case in mind (Vaultwarden has only been audited once afaik, though).
Sure, but mortgage interest can easily be enough to make that worth it without any other deductions. With $300K principal and a 5% loan, that’s $15K - about the same as a single taxpayer’s standard deduction and roughly half of a married couple’s standard deduction.
I don’t think gravitational waves traveling at the speed of light is the same as the gravitational attraction being apparently felt faster than light travels.
I don’t know how you would measure gravitational waves without measuring gravitational attraction.
It’s not light that is “communicating” that attraction.
Nobody said it was. The “speed of light” isn’t about “light”. Gravity propagates at the same speed, aka “c.”
This Reddit discussion on r/AskPhysics might help clear up your misconceptions. Notably:
Just to clarify: when people talk about the speed of gravity, they mean the speed at which changes propagate. It’s the answer to questions like: if I take the Sun and wiggle it around, how long does it take for the Earth to feel the varitation in the force of gravity? And the answer is that changes in gravity travel at the speed of light.
But that’s not what you’re asking about. Whenever you’re close to the Earth, gravity is always acting on you: it’s not waiting until you step off a cliff, like in the Coyote and the Roadrunner. The very instant your foot is no longer on the ground, gravity will start to move it downwards. The only detail is that it takes some time for it to build up an appreciable speed, and this is what allows us to do stuff like jump over pits: if you’re fast enough, gravity won’t be able to accelerate you enough - but gravity is still there.
I get the sense that you’re thinking about the second scenario when objecting to the concept that gravity travels at the speed of light.
I’m familiar with SSL in the context of webdev, where SSL (well, TLS) is standard, but there the standard only uses server certificates. Even as a best practice, consumer use cases for client certificates, where each client has a unique certificate, are extremely rare. In an app, I would assume that’s equally true, but that shared client certificates - where every install from Google Play uses the same certificate, possibly rotated from version to version, and likewise with other platforms, like the App Store, the apk you can download from their site, F-Droid, if they were on it, and releases of other apps that use the same servers, like Molly. Other platforms might share the same key or have different keys, but in either case, they’re shared among millions of users.
I’m not sure Signal does have a client certificate, but I believe they do have a shared API access key that isn’t part of the source code, and which they (at least previously) prohibited the use of by FOSS forks (and refused to grant them their own key)
That said, I reviewed that code, and while I’m not a big fan of Java and I’m not familiar with the Android APIs, I’m familiar with TLS connections in webdev, the terms are pretty similar cross-language, and I did work in Java for about five years, but I didn’t see anything when reviewing that file that makes me think client certificates are being generated or used. Can you elaborate on what I’m missing?
you’re the only one with your SSL keys. As part of authentication, you are identified. All the information about your device is transmitted. Then you stop identifying yourself in future messages, but your SSL keys tie your messages together. They are discarded once the message is decrypted by the server, so your messages should in theory be anonymised in the case of a leak to a third party. That seems to be what sealed sender is designed for, but it isn’t what I’m concerned about.
Why do you think that Signal uses SSL client keys or that it transmits unique information about your device? Do you have a source for that or is it just an assumption?
And it’s I who should take a course in encryption and cybersecurity.
Yes. I was trying to be nice, but you’re clearly completely ignorant and misinformed when it comes to information security. Given that you self described as a “cryptography nerd,” it’s honestly embarrassing.
But since you’ve doubled down on being rude, just because I pointed out that you don’t know what you’re talking about, it’s unlikely you’ll ever learn enough about the topic to have a productive conversation, anyway.
Have fun protecting your ignorance.
Nice try FBI.
Wouldn’t “NSA” or “CIA” be more appropriate here?
Well, if my pin is four numbers, that’ll make it so hard to crack. /s
If you’re using a 4 number PIN then that’s on you. The blog post I shared covers that explicitly: “However, there’s a limit to how slow things can get without affecting legitimate client performance, and some user-chosen passwords may be so weak that no feasible amount of “key-stretching” will prevent brute force attacks” and later, “However, it would allow an attacker with access to the service to run an “offline” brute force attack. Users with a BIP39 passphrase (as above) would be safe against such a brute force, but even with an expensive KDF like Argon2, users who prefer a more memorable passphrase might not be, depending on the amount of money the attacker wants to spend on the attack.”
If you can’t show hard evidence that everything is offline locally, no keys stored in the cloud, then it’s just not secure.
If you can’t share a reputable source backing up that claim, along with a definition of what “secure” means, then your claim that “it’s just not secure” isn’t worth the bits taken to store the text in your comment.
You haven’t even specified your threat model.
BTW, “keys” when talking about encryption is the keys used to encrypt and decrypt,
Are you being earnest here? First, even if we were just talking about encryption, the question of what’s being encrypted is relevant. Secondly, we weren’t just talking about encryption. Here’s your complete comment, for reference:
I have read that it is self hostable (but I haven’t digged into it) but as it’s not a federating service so not better than other alternative out there.
Also read that the keys are stored locally but also somehow stored in the cloud (??), which makes it all completely worthless if it is true.
That said, the three letter agencies can probably get in any android/apple phones if they want to, like I’m not forgetting the oh so convenient “bug” heartbleed…
Just so you know, “keys” are used for a number of purposes in Signal (and for software applications in general) and not all of those purposes involve encryption. Many keys are used for verification/authentication.
Assuming you were being earnest: I recommend that you take some courses on encryption and cybersecurity, because you have some clear misconceptions. Specifically, I recommend that you start with Cryptography I (by Stanford, hosted on Coursera. See also Stanford’s page for the course, which contains a link to the free textbook). Its follow-up, Crypto II, isn’t available on Coursera, but I believe that this 8 hour long Youtube video contains several of the lectures from it. Alternatively, Berkeley’s Zero Knowledge Proofs course would be a good follow-up, and basically everything (excepting the quizzes) appears to be freely available online.
it wouldn’t be very interesting to encrypt them, because now you have another set of keys you have to deal with.
The link I shared with you has 6 keys (stretched_key, auth_key, c1, c2, master_key, and application_key) in a single code block. By encrypting the master key (used to derive application keys such as the one that encrypts social graph information) with a user-derived, stretched key, Signal can offer an optional feature: the ability to recover that encrypted information if their device is lost, stolen, wiped, etc., though of course message history is out of scope.
Full disk encryption also uses multiple keys in a similar way. Take LUKS, for example. Your drive is encrypted with a master key. You derive the master key by decrypting one of the access keys using its corresponding pass phrase. (Source: section 4.3 in the LUKS1 On-Disk Format Specification (I don’t believe this basic behavior was changed in LUKS2).)
Where did I contest your point?