I think you are describing the most successful bands. I wouldn't be surprised if the average band good enough to play a small venue made more money on the shirts than the records and tapes. People weren't choosing them from among all the bands at the record store but from all the experiences in the town that night.

I think the greatest risk to the EU is the sheer volume of communications it allows to travel without end-to-end encryption. Financial, infrastructure, personal political sentiment.. What doesn't a foreign enemy get volumes of minable data on?

A squadron of F-35s is worth more than the Moskva. Russia had to fight hard to regain the title of biggest loser and it could lose that in a single incident. But more than the financial loss the loss of having invested in something stupid is felt when you can't use any of the related blunders as you intended and have to keep them at a distance from the cheap practical warfare.

>"A squadron of F-35s is worth more than the Moskva"

In Lala land.

Right, as measured in the new Petroclown basket currency.

I find it silly to throw huge amounts of resources away worrying about quantum attacks that won't get burned on something as silly as this week's DNS if it happens to be protected at all. If you are making a 30 year root and/or document signing then worry.

I don't see why China or most of the EU would want to stop development so I think the only real question is whether countries that protect their fossil fuel mafias end up irrelevant by not keeping up.

How else would you recover from a device failure?

You enroll up another hardware device (or 2) as a backup and securely store them in different places.

This is normal to do for yubikeys, for example.

The main point is that the secrets stored on the device are usually used to unlock other secrets stored elsewhere, and so themselves don't need to be synchronized often.

You don't. The normal procedure here is to have multiple unique keys with multiple unique secrets. If one breaks that's it it's broken. This also allows you to revoke a key without removing all keys.

If Asimov designed it he wouldn't be that interested.

Being able.to examine the kernel is of little value in the tivoization described.

If the US taunts someone into a nuclear war, the rest of us get to live but should be investing more in cancer research.

This has nothing to do with the reality of computer security. Not getting hacked requires doing everything right and some luck. Hacking requires some luck or doing one thing right.

The problem is to hack something you need to know the what, where, who.

Companies have a very visible what, where, who in most cases.

Hacker don't, and take extra steps to obscure it (e.g. jump hosts, bot nets etc.).

Now if it's idk. a spear phishing campaign or similar "hacking back" by giving them trapped data or reverse social engineering attacks might work.

But if it's a technical security vulnerability some one found by scanning and sneaked into using multi-country jump hosts and cleaned up behind them. Then you have little chances to find them and to do so likely requires getting information from telcoms which require judge orders to be handed over, and from multiple countries, too.

Sure though I would view that as a separate problem with the idea of asking anyone to target attackers.. Everyone is an equally good psychic some believe they are better than others.

Extending your logic, highly debatable as it is, a firm should first of all be hacking itself constantly via red teaming. This will help it discover and perhaps fix issues that external hackers can otherwise exploit. This self-offense is a means of defense.

Every company that meets modern regulations runs scanners that identify some attacks against themselves. The scanners sold to them stop there because it is liability to do anything beyond that. You don't have to be a genius to use Telegram instead of Teams you'll simply be fired for taking risks with better tools for the job than organizations and governments want to be acceptable and routine if you are in a Western regulated industry.

Announce a change that is believable and all the corporate software will change to match the utility that is no longer a liability.

It applies to more things than computer security. Best defense is offense is a very old and broad say.

it's also why Germany started WW1 and what made it easy to put all the blame on them (after WW1, WW2 is a different thing)

and also is related to common war crimes iff in a conflict combatants frequently hide as civilians (as a defense by offense will sooner or later lead to attacking random civilians due to mistaking them for hidden combatants)

so I would take that saying with a bit of salt

Guerrilla warfare strategies undercut old saying like this and are essentially what these hacker groups represent