1, 2, and 4) Yes, that's already possible. Look into Solo Keys for open source hardware and firmware. The standard allows for key manufacturer attestation but seems like the way it is going (especially with the proliferation of software authenticators) it likely won't be relevant in practice. You can also enroll many authenticators to the same account (provided the service allows it, which most do).
3) This is pretty hard/impossible, I think. The authenticators don't use the same key-pair for all websites (a la SSH through Yubikey), but rather create a per-service, per-credential key-pair, and encrypt it with the main key-pair. The encrypted credential key-pair is then handed off to the server for storage, and the service sends it back for the authenticator to decrypt and use during a challenge. Clever trick to not depend on local hardware memory and be able to have unlimited per-credential key-pairs, but afaik prevents you from just "adding lists of public keys".
I'm also not mentioning the resident keys aspect of the standard but that won't fix it as they're still service and credential based.
A simple proof of possession (pop), signed ahead of time, solves #3.
The message:
`{"pay":{"alg":"ES256","msg":"I own this key","tmb":"9PcBWntvjAktwfiPp8WxgOyQOwc1h6Lo1UnB_gkWXKk"},"sig":"eXuV0_HYCM-WnS2CbOnGXdce-9M8AzivCw23Hihtp1h69Ix6HwWCA79FR6cs3Nym2bWJoKajtnIY0xcTnuRnNQ"}`
The public key:
`{"alg":"ES256","kid":"Zami Mobile 2","x":"PZpmb3CI_2LTWcxopqjliqohPpmxFmNwKLb52wJgMg-4Xd0hTRKn7OruUMa3LvHmuTA9pHidocLHnEdOcQ04OA","tmb":"9PcBWntvjAktwfiPp8WxgOyQOwc1h6Lo1UnB_gkWXKk"}`
On registration, the server is handed a site/user-specific key pair _encrypted_ with the master key of the authenticator device (your usb key or your phone, etc), together with the plain-text site/user-specific public key.
On authentication, the server sends down that encrypted blurb, which is temporarily decrypted and then used to sign a challenge the server sent.
So basically the server is used as storage. There are exceptions to this (e.g. resident/discoverable credentials on hardware keys)
For an industry so enamored with scale and network effects, we sometimes fail to recognize how these work against us organizationally. Or maybe we don't, and the boards/execs just prefer a more controllable organization even at the expense of rigidness and efficiency?
You can. You gotta get Wireguard running on your local machine [0] and be able to see the ".internal" network, but once you do, you can ssh into any edge VM and if access its filesystem. I've SCP'd SQLite db files and dumps. It's also a pretty anti-pattern way of debugging an app if you're an outlaw :)
I did something similar. I installed ZeroTier, OpenSSH server, and TightVNC server on my parents' computers.
Their computers and mine are connected in the same ZeroTier network. I SSH to their computer and connect to VNC over an SSH tunnel. VNC is only bound to 127.0.0.1 so nobody on the network will be able to access it.
Perhaps I could have skipped the SSH part of it since ZeroTier should have covered the network security, but I also wanted an easy way to run commands too.
It's a couple steps to get connected, but it works well.
Agreed. Get all the way on the network, youll be able to troubeshoot more things. Having teamviewer with a hardcoded password is a good fallback. Have two ways in.
3.2g of arginine in a day doesn't sound like a lot. There's around 2g in most meat/protein servings, and 1g on each egg yolk[0]. I wonder how much of the study outcome is just the result of changing dietary habits of the patients.
It's well known that elderly people have reduced ability to absorb protein through the gut. I'm just speculating here but could that be one of several reasons why elderly patients are at higher risk of COVID-19? Perhaps some of them are simply deficient in essential amino acids.
Not only is that a tu quoque fallacy but it also fails to take into account that both Ceuta and Melilla are integral parts of Spain and have been since the 16th century, centuries prior to Morocco's independence from France in 1956, whereas Gibraltar, being a British Overseas Territory, is not and never has been part of the United Kingdom.
From Spain's perspective that's a distinction without a difference.
If sometime in the past 300 years the British government had formally incorporated Gibraltar into the UK the way Hawaii is a part of the US or French Guiana is part of France, would Spain's complaints about British sovereignty over Gibraltar, and periodic attempts to regain the territory, be any less frequent? I think not.
As long as we are talking (de)colonization, the distinction makes all the difference.
The difference in the treatment of a land and its people as equals to the rest of the country's citizens and states is what makes Hawaiians regular Americans and Ceuties regular Spaniards, and what keeps Llanitos from being British _citizens_.
To answer your question: yeah, if Gibraltar was a self-sufficient state within the UK (instead of an -arguably- geo-strategic colony that is a tax haven according to the OECD) you likely wouldn't hear as many complaints about it.
Take for example the cession of Sardinia in the very same Treaty of Utrecht. You ever hear complaints about its sovereignty?
You're saying that Spain wants Gibraltar back because it wants to liberate the benighted residents of the rock, which of course isn't true. Spain might claim as such as part of its overall case for regaining the territory, but that's certainly not the main, secondary, or tertiary reason.
If Sardinia were not an island hundreds of miles away, but a large peninsula physically connected to Spain, yes Spain would very much actively try to regain the territory. (Probably much more of a priority than Gibraltar.)
Gibraltar has the same status in OECD as USA, Germany, and is not classified as a tax haven. The regulation is the same as in any EU country, which Gibraltar was for a long time.
Come join our well-funded, revenue-generating team and help build the automotive auction of the future.
https://wellfound.com/jobs/2998538-senior-software-engineer