This meme format works best to absurdly overstate the uselessness of something you find mildly annoying. That’s when it’s funniest, because the criticisms are grounded in something real, and the low-stakes controversy makes the aggressive tone funny in context.

Oh don’t worry, malicious .exe files were all over the forums back then.

not meant to be consistent with the human eye.

Even then, postprocessing is inevitable.

As the white/gold versus blue/black dress debate showed, our perception of color is heavily influenced by context, and is more than just a simple algorithm of which rods and cone cells were activated while viewing an image.

The typical default configuration has the ISP providing DNS services (and even if you use an external DNS provider, the default configuration there is that the DNS traffic itself isn’t encrypted from the ISP’s ability to analyze).

So even if you visit a site that is hosted on some big service, where the IP address might not reveal what you’re looking at (like visiting a site hosted or cached by Cloudflare or AWS), the DNS lookup might at least reveal the domain you’re visiting.

Still, the domain itself doesn’t reveal the URL that follows the domain.

So if you do a Google search for “weird sexual fetishes,” that might cause you to visit the URL:

https://www.google.com/search?q=weird+sexual+fetishes

Your ISP can see that you visited the www.google.com domain, but can’t see what search you actually performed.

There are different tricks and tips for keeping certain things private from certain observers, so splitting up the actual ISP from the DNS resolver from the website itself might be helpful and scattering pieces of information, but some of those pieces of information will inevitably have to be shared with someone.

A zero day is an exploit that has been identified by someone but not yet used.

I’ve always understood that the counting of days comes from the vendor’s knowledge. So any exploit from before Google was aware of the vulnerability would be a zero day.

It wouldn’t make any sense to refer to the days counted from when an attacker first discovers the vulnerability, because by definition any vulnerability in active exploitation wouldn’t be a zero day.

disclosed active exploitation

So, not a fucking zero day.

I’m confused. Isn’t an active exploit that hasn’t been patched yet, by definition, a zero day? So the release of a new patch that closes an actively exploited vulnerability patches a zero-day?

I’ve seen it for keypads that have to send a signal to an actuator located elsewhere, but I think the typical in-door deadbolt (where the keypad is mere millimeters from the motor itself) wouldn’t have the form factor leaving the connection as exposed to a magnet inducing a current that would actually actuate the motor.

Most of LPL’s videos on smart locks just defeat the mechanical backup cylinder, anyway. I’d love to see him take on the specific Yale x Nest model I have, though.

Yup. The backup for battery failure on this model is that the bottom of the plate can accept power from the pins of a 9V battery, held there just long enough to punch in the code.

Things might be different by now, but when I was researching this I decided on the Yale x Nest.

It’s more secure than a keyed lock in the following ways:

• Can’t be picked (no physical keyhole).
• Codes can be revoked or time-gated (for example, you can set the dog walker’s code to work only at the time of day they’re expected to come by).
• Guest codes can be set to provide real-time notifications when used.
• The lock keeps a detailed log of every time it’s used.
• The lock can be set to automatically lock the door after a certain amount of time.

It’s less secure than a physical traditional lock in the following ways:

• Compromise of a keycode isn’t as obvious as losing a key, so you might not change a compromised keycode the same way you might change a lost key.
• People can theoretically see a code being punched in, or intercept compromised communications to use it.
• Compromised app or login could be used to assign new codes or remotely unlock

It’s basically the same level of security in the following ways:

• The deadbolt can still be defeated with the same physical weaknesses that a typical deadbolt has: blunt force, cutting with a saw, etc.
• The windows and doors are probably just generally weak around your house, to where a determined burglar can get in no matter what lock you use.
• Works like normal without power or network connection (just can’t be remotely unlocked or reprogrammed to add/revoke codes if not online)

Overall, I’d say it’s more secure against real-world risk, where the weakest link tends to be the people you share your keys with.