NaN

Hadn’t checked, that is not a hard requirement for the platform - assuming they actually have it in their infrastructure.

Ok, now do your own datacenter vs cloud.

IP address can belong to Mozilla, but the rest is correct.

It is, actually. It is local to them, it is remote to you. They are differentiating from a remote server in someone else’s datacenter. It is not that confusing.

If they had said “locally hosted in our datacenter” would you be confused why they didn’t move a rack into your house?

My question is why are you projecting your limited interpretation as a global truth?

I don’t think you need to do anything different. Sometimes when I learn new things I say “oh, interesting.”

What’s the sentence before that one?

Here, read the latest news: https://www.zdnet.com/article/mozilla-moves-to-monetize-thunderbird-transfers-project-to-new-subsidiary/

Never wondered why Thunderbird donations aren’t tax deductible?

Why does it mean that?

deleted by creator

I agree. I’d prefer they just run their own Kubernetes and manage it themselves. Maybe throw some business at Red Hat if they need help with it.

It’s a thing.

Remember how the cloud is someone else’s server? Now you can buy it (or lease) and bring it home, and it becomes only sorta someone else’s.

Amazon and Azure offer their own on-prem products.

Thunderbird is built by a for-profit subsidiary of the Mozilla Foundation, it just isn’t the Mozilla Corporation.

Google Distributed Cloud allows you to run Google Cloud Platform locally in your own datacenter. They can deploy apps to that infrastructure and use the cloud console for management, or even use normal kubernetes tools for it.

Couldn’t say if that’s what they’re actually doing, but running Google Cloud locally is a thing.

Cylons leave nothing to chance.

Easter egg and a little fun. Been there for decades.

That’s not suspicious, that is the normal port for it to run on. It is not typical that they would include the port number but they may use a different one for testing and automatically change it or something.

One thing the article doesn’t make very clear is that for 2FA the PIN requirement comes from the site itself. If the site requires User Verification, the PIN is required. If not, it is not prompted even if set and this attack is possible. The response to the site just says they knew it.

It is different for Passkeys. They are stored on the device and physically locked behind the PIN, but this is just an attack on 2FA where the username and password are known. (In depth it’s more than that, but for most people walking around with a Yubikey…)

It also seems limited in scope to the targeted site and not that everything else protected by that specific Yubikey. That limits how useful this is in general, which is another reason it is sort of nation-state level or an extremely targeted attack. It’s not something your local law enforcement are going to use.

I think the YubiHSM is a much more appealing target, but that isn’t so much a consumer device and has its own authentication methods.

I think this is the crux of the article. In the past most people have considered photographic evidence to be very convincing. Sure, you could be removed from a photo of Stalin, and later people could do photoshop (with varying realism), now it’s a few words to make changes that many people believe without hesitation. Soon it will happen to video too, very soon.

Most people are not ready for it. Even shitty AI photos on social media get huge reactions with barely a handful calling them out.

Sir, this is a Wendy’s.

I think they gave people time to get over the hype and they saw that what they had was good enough. Especially once inflation hit and they had less extra money.