Isn’t that a quote from Snatch?

Many encryption algorithms rely on the assumption that the factorizations of numbers in prime numbers has an exponential cost and not a polynomial cost (I.e. is a NP problem and not P, and we don’t know if P != NP although many would bet on it). Whether there are infinite prime numbers or not is really irrelevant in the context you are mentioning, because encryption relies on factorizing finite numbers of relatively fixed sizes.

The problem is that for big numbers like n=p*q (where p and q are both prime) it’s expensive to recover p and q given n.

Note that actually more modern ciphers don’t rely on this (like elliptic curve crypto).

Yep, my partner gave one for my birthday, it’s basically plug-and-play. It can automatically harvest credentials, spoof captive portals, etc. I bet that in most places nobody would question something like this hanging on the ceiling indeed.

Just FYI https://shop.hak5.org/products/wifi-pineapple. There are ready-made devices that can do basically what you are describing!

Encrypted DNS doesn’t solve everything. Handshake for TLS sessions is still in clear, you can usually see the SNI, and since we are talking about Wireless, usually this data is available to anybody who is in the vicinity, not just the network owner. This already means that you can see what sites someone is visiting, more or less. TLS 1.3 can mitigate some of this (for those who implement ESNI, but you don’t know that beforehand). Also TLS works until the user is not accepting invalid certificates prompts (HSTS doesn’t work for everything) and there are still tons of HTTP-based redirect (check mailing newsletters and see how many first send you to an HTTP site, for example) that can be used for MiTM attacks.

A VPN moves the trust to a single provider that you can choose, which is much better than trusting every single WiFi network you can attach to and the people connected to it, I would say.

Also if you pay for the VPN (I pay Proton), it’s not true that the company business is based on user data, they are based on subscriptions.

So, not carbonara. Pasta with lemon is awesome, I also love pasta with tuna, both also work together, but it’s not a carbonara.

I will go out on a limb here and guess those were not ravioli and some form of pelmeni instead? There are types of them that are usually eaten with sour cream and jam. But the dough used is quite different from the ravioli one, and the filling is cheese (not meat or ricotta/spinach).

Was that the case?

It actually makes sense, because Italian history is far from a continuum. In fact, most “Italian cuisine” is actually less than 100 years old!

Most of Italian recipes are very simple. The focus usually is on quality on the ingredients and if they are good, a pizza with just mozzarella and tomatoes is already delicious. That said, even in Italy there are plenty of types of pizzas, but most of them don’t have 20 ingredients, I suppose the point is that you actually want to taste what you eat, which is not the case when you mix many different things. There is a very messy and rich pizza (capricciosa) with a lot of toppings though (more than one obviously, but this is the most common).

Personally I am a margherita person, simple and boring is perfect, as long as it tastes great.

P.s. Giuseppe :)

It’s not about being right, it’s about making something that tastes good. Besides that, there are also well established cultural traditions. But as long as people call their garbage pizzas “NY pizza”, or whatever and it’s well distinguished by “Italian pizza” (or Neapolitan, etc.), I don’t see the problem.

Completely different dough in terms of consistency and taste. Bread and pizza are quite different, so many ingredients that work on pizza don’t work on sandwiches and vice versa. Having said that, people can eat what they please.

For what is worth, that’s not how (most?) Italians think about pizza. It’s not a “container” in which you put a bunch of things, but each pizza type is basically a separate dish.

I personally don’t care what people put on their pizza, I simply avoid places that make “pizzas” in a non-italian fashion, like the american (supposedly NY style) ones where you get crust, 2 fingers of industrial cheese and a whole plant of oregano.

It’s very similar for pasta, which many people think as a bread replacement.

I can’t really make an exhaustive comparison. I think k3s was a little too opinionated for my taste, with lots of rancher logic in it (paths, ingress, etc.). K0s was a little more “bare”, and I had some trouble in the past with k3s with upgrading (encountered some error), while with k0s so far (about 2 years) I never had issues. k0s also has some ansible role that eases operations, I don’t know if now also k3s does. Either way, they are quite similar overall so if one is working for you, rest assured you are not missing out.

Yeah, but you don’t need anything besides the runtime with kubernetes. Podman is completely unnecessary since kubelet does the container orchestration based on Kubernetes control plane. Running podman is like running docker, unnecessary attack surface for an API that is not used by anybody (in Kubernetes).

I run k0s at home, FWIW, tried k3s too :)

Why would anybody use podman for k8s…containerd is the default for years.

Sure! FYI, simplelogin can create aliases with prefix! I usually get service-{random 5 chars}@simplelogin.com, so you can still sort by folder using prefixes.

You should definitely be! I take backups every 6h for my self hosted vaultwarden (easier to manage and to backup, but not official, YMMV). You can also restore each backup automatically and have a “second service” you can run elsewhere (a standby basically), which will also ensure the backup works fine.

I have been running bit/vaultwarden now for I think 6 years, for my whole family and I have never needed to do anything, despite having had a few hiccups with the server.

Don’t take my word for it, but the clients (browser plugin, desktop app, mobile app) are designed to keep data locally I think. So the term cache might be misleading here because it suggests some temporary storage used just to save web requests, with a relatively quick expiration. In this case I think the plugin etc. can work potentially indefinitely without server - something to double-check, but I believe it’s the design.

Interesting! That’s very close to this blog post I read long time ago (unfortunately medium.com link)! Are you actually sending emails from those addresses? Like if you need to drop an email to your bank, do you use the banking one or your personal (or something else)?

Fwiw, I do something similar. I use a mix of domain aliases without address (e.g. made-up-on-the-fly@domain.com) and actual aliases. Since I have proton family (and the same when I used ultimate) I have unlimited hide-my-email aliases, so I have it integrated with my password manager, and I generate a random password and email for everything I sign up now. These though are receive-only addresses. In fact, with this technique I probably use 3-4 addresses in total, but I have probably 30 domain addresses that go to the catch-all one.

Spam on these addresses are basically non-existing and you can still create folders based on recipient without having a full address (e.g. bank1@domain.com, bank2@domain.com). You can make folder categorization based on recipient regex and this way you also have the “stop bothering me” option: if some email gets into the wrong hands, you can create a spam rule for that dedicated address. However, my approach is that all of these are used just to receive emails, to send I have just a handful of actual addresses or -if really needed- I can create on-the-fly an address from a catch-all one, send the email and then disable it again (so it doesn’t count towards the limit, but I still get inbound email to the catch-all).

Nice setup anyway!

Your requirements are totally fair tbh.

That said, I think you can use aliases for the use-case you have, you don’t need full addresses. Proton supports “+ aliases” as well, so name+service@domain works, and most importantly they support catch-all addresses if you have your own domain. I now use actual aliases (the ones from simplelogin), which I generate on the fly, but if you can use whatever@domain and it will be redirected to your configured address. You don’t even need to create this beforehand, so many times I was around and had to give an email address for some reason and I just made up an address on the fly. As long as you use your domain, the catch-all will get the email.

So the 10 addresses only include actual addresses, the ones you can write from. You can have as many as you want to receive emails (which is generally the use case for signing up to services, right?). Just a FYI in case tuta supports the same and you are making more effort than needed!

If XMPP were to replace emails, that would’ve been great

Who knows :) But XMPP also needed all kind of extensions to support even relatively old security measures.

Anyway, I still don’t trust Proton. Have a great day.

That’s fine, you can trust who you want, of course. The important thing is to have clear the risk model.