Natanael

The electric motor capacity also accounts for scenarios like a heavily loaded car going uphill with poor weather conditions.

And because it always can dump full power into the wheels instantly, unlike ICE cars (which are forced to burn an insanely wasteful amount of fuel to compete) that means every EV made for normal use has ridiculous acceleration

Same with Matter. Home Assistant has a Matter module too. And, Matter is designed to be open!

Matter is more of a higher level IoT coordination protocol.

Zigbee and Zwave are radio protocols (relatively long range, low energy).

The neat thing here is you can bridge a lot of shit into Matter, and then use almost anything you want to control all the different devices. Everything becomes visible in the same control panel regardless of connection type and manufacturer. Everything becomes available for automation tools too!

If you run the software Home Assistant on a computer at home then it can act as your IoT control server, and giving it radio antennas for Zwave and Zigbee will let it act as a bridge to relay commands to devices that use those protocols (like a ton of small lights and sensors and more).

Which may suck for people who needed it for vacation homes, or worse, to help their old parents or something like it

If you want fancy IoT that’s quick to set up, look for Matter devices with full offline support

While the Matter spec requires offline control support, it doesn’t require full OEM independence, so you have to look up the individual devices first to check if they’re independent. The main difference being that some OEMs have a lot of extra features outside the Matter spec and other extras which require an account and device registration, etc, so check that the specific features you want works FULLY offline and with 3rd party apps. (I’ve seen Matter controller devices with screens and whatnot which are only configurable with the OEM app)

You can use Home Assistant with its Matter module (open source) as your home controller, together with necessary radios (specifically Thread/Zigbee), and firewall off your devices if you want full control.

And Home Assistant of course also has support for a little bit of everything, like MQTT and custom HTTP commands and more, so you can still control random devices even if they don’t support Matter

Well, you could make your own overlay network, maybe make use of cjdns or something like it

Can’t really do that with volunteer nodes only in open networks. Reliable low latency anonymous connections require stable direct links between most nodes. Like you’d need a bunch of big universities to run it.

Correct, and slow is kinda the point (traffic metadata protection through timing obfuscation)

There’s even a setting to set multiple Bote hops (inside I2P which already use multiple hop tunnels) with random delay per node (up to 24h)

I2P has its own internal DHT network. Bote piggybacks on it to relay messages between Bote nodes. You can even configure it so you can address random online nodes and ask them to hold a message for another node to relay (online or offline) to obscure message timing

DHT can be used for almost anything as a generic key value store, even if the typical use is just peer finding

https://bote.readthedocs.io/en/latest/v5/kademlia/

It does temporarily, on the order of hours to days. It’s not designed to use the network for long term storage, just message passing

I2P already did that with their DHT network (remember DHT?). I2P Bote uses that for messaging

WASM was made for browsers but can run anywhere. You can cross compile any language to it.

The trickier problem is compiler time hardware optimization, but there’s talks about appending architecture specific optimization hints for the runtime, so you can let the compiler search for optimal implementations when creating the bytecode so the JIT engine doesn’t have to. (that does mean you’re essentially compiling multiple times while creating the bytecode, but for performance sensitive software it’s worth it)

Not with that attitude

Again, you sound like an antivaxxer, and you’re ignoring his history of failure, including SPECIFICALLY FAILING AT ENCRYPTED DM BEFORE

https://www.theverge.com/2023/5/16/23725247/twitter-encrypted-dm-security-vulnerabilities-linda-yaccarino

You’re questioning experts with absolutely no justification other than your own animosity, assuming the experts too are driven by animosity instead of true concerns

This is incoherent bullshit.

You’re choosing to pretend it’s nothing so you can dismiss legitimate criticism.

An engineer hearing about some novice trying to build a plane using difficult methods that only one or two companies with immense expertise has succeeded at would be correct to assume that plane would be unsafe.

A doctor hearing about a tiny clinic attempting treatments that only big medical research facilities have pulled off are correct to assume they’re charlatans.

A cryptographer hearing about somebody attempting to build E2EE using methods that very few are capable of implementing correctly and without having the expertise on hand are correct to call that snakeoil.

Cryptography is INFAMOUSLY complex. E2EE is infamously difficult to make easy (“Johnny still can’t encrypt”). The worst part is that cryptographic failures are almost always 100% silent!

There’s a reason almost everybody copies Signal’s protocol, and that everybody else who does it in-house keeps having vulnerabilities.

Multi user key management (PKI) specifically is wildly complex.

They’re doing cryptography in the browser - famously difficult to make it work decently because there’s no reliable code pinning solution, no reliable protected key storage (no TPM protected keystore) and absolutely no auditability. And that’s on top of the risk of getting served malicious Javascript via XSS attacks, or by the host getting hacked, or by a maliciously issued certificate (there’s 800+ certificate authorities, FYI, no cert pinning = easy for a state level actor to MITM)

They’re not doing transparency logs of user keys. Even whatsapp has started doing that.

I haven’t seen evidence of them attempting user key verification

Twitter/X has only displayed signs of LACKING the necessary expertise.

To pretend that’s wishful thinking from me just reveals how little you care about expertise.

If you can’t demonstrate that you know more about cryptography then me, it’s time for you to admit you’re wrong

You sound like an antivaxxer defending a crank

I’ve run a cryptography forum for 10 years. I can tell snake oil from the real deal.

Musk’s Twitter doesn’t know how to do key distribution. The only major company using HSMs the way Musk intends to is Apple, and they have far more and much more experienced cryptographers than X does.

Bluesky federates across different layers, it’s modular, it doesn’t have a comparable same-layer federation. It is fully interoperable, just not by the method you’re used to.

You can host your own partial appview now (caching and indexing your and your friends’ comment), and multiple people have managed to run their own relays for cheap (caching most of the posts in the network), and you can pull the rest of data you need to browse from the other relays and use the service as usual. You can run your own moderation labeler, use your own app, just your own account, etc…

Just look at the interoperable blacksky project by a bunch of black devs making their own infrastructure for accounts and moderation, etc.

To be non federated, all you have to do is not announce your server and not accept arbitrary connections

Due to content addressing, limited federation isn’t really a thing by the usual definition. You can filter content from any PDS you don’t like, but can’t really control who can see already public posts

There are hardware for that called hardware security modules, but yeah I definitely wouldn’t trust Twitter’s implementation - especially because they probably just need the auth team to tell the HSM that the user logged in when they didn’t to get that key

A proper implementation would use multiple security measures and require a reset (delete) of certain private account data before the account access can be reset, otherwise the user’s password would be needed (for key derivation) or some other secret held by the user’s devices (in the TPM chip or equivalent)