Interesting how a guy whose entire administration is being investigated and indicted by the FBI ran almost entirely on a ‘law and order’ platform, with this pilot being one of the staples.
The "investigated and indicted by the FBI" that lead to nothing for the "law and order" candidate? Interesting that the "lawfair" candidate would have had the complete opposite outcome, had the laws been equally enforced.
Google owns the platform and the ad network / marketplace. A lot of videos ‘lose’ money and just take up space.
Any viable competitor to YouTube would need a solution that allows signups, watches and video uploads, without requiring a fee. Which typically means displaying ads. For Google the ad network is already there. For anyone else, they need to either create their own marketplace, or have Google (or some other network) take a large cut of their ad revenue.
This is likely why the only other ‘competitors’ you see are peering based or based on a subscription model. Neither of which can really compete with YouTube which really doesn’t need to *directly* make any money
If your threat model is the NSA and you’re worried about backdoors then don’t use any cloud provider?
Maybe I’m just jaded from years doing this, but two things have never failed me for bringing me peace of mind in the infrastructure/ops world:
1. Use whatever your company has already committed to. Compare options and bring up tradeoffs when committing to a cloud-specific service(ie. AWS Lambdas) versus more generic solutions around cost, security and maintenance.
2. Use whatever feels right to you for anything else.
Preventing the NSA from cracking into your system is a fun thought exercise, but life is too short to make that the focus of all your hosting concerns
You’ve done nothing but submit half a dozen random extensions in the 3 weeks that all collect different personal information on browsing history at a minimum. Your README’s look AI generated, and you’re a completely anonymous account. Additionally, your responses on how files are encrypted here is severely lacking.
All I can say is: There are a lot of red flags here.
Ah yes, we should completely trust the anonymous person who registered to the site 23 days ago and has done nothing other than submit half a dozen chrome extensions to the site since then
In my experience, it’s extremely difficult to get out of the SES sandbox, for what I presume is if your account/org is under a certain amount of spend with them. While basically free under a certain amount of usage, the gatekeeping there does make the idea of self-hosting your email free/cheaply sort of a nonstarter for indie devs.
For context, getting out of the sandbox at every org I worked at was essentially a single ticket with the word please and had almost immediate approval.
For my own account for a low volume form notification tool I wrote AWS’s response was ‘We will not approve your request and we will not revisit this decision’.
I actually just did this a couple weeks ago. I'm just one data point, so I've no real idea what the difficulty is of escaping the sandbox, but I created a brand new AWS account, made it clear that I'd be using SES purely for low volume transactional emails for people who had opted in and could opt out at any time, and they approved me within a couple days.
I got approved instantly for personal mail for my domains. even though they charge for smtp they don't actually take payment for very small amounts so it has been completely free for over a year.
The city would extend a no-bid contract to run a 6-month pilot in a 3 block radius.
It’d go to a random company that never did anything related to trash pick up, but one of the board members would be loosely related to the mayor.
The mayor will then do a victory lap in front of journalists talking about this revolutionary project.
The winner would then sub-contract a series of shell companies to handle ‘planning the design and implementation’ of the vehicle used to pick up the debris.
3 months will pass and the first community board meeting about the pilot in the neighborhood will happen, where the project will hit vicious opposition from people citing gentrification, how this pilot will rip apart the fabric of the neighborhood, cause gridlock, be dangerous for kids (What if a kid runs infront of the magnet bike??), etc…
6 months and $5M later, the pilot gets extended and another $50M worth of funding having never picked up an ounce of trash.
Theft: A $2000 laptop is an easy target for anyone with sticky fingers, and so is a $1000 smartphone. A Yubikey has essentially zero resale value, so you will not lose them due to random theft.
Durability: If you drop your smartphone, there's a pretty good chance you'll shatter the screen and buy a new one. You can play tennis with a Yubikey and it'll be fine. You can run it through the washing machine and it'll be fine.
Longevity: Laptops and smartphones generally only have a 3-5 year lifespan due to battery degradation, and many people will want to swap it for one with more storage or whatever anyways. A Yubikey will essentially last forever, and if you stay clear of the insanity that is Passkeys its Webauthn element can support an infinite number of websites.
Portability: I have a smartphone, a work laptop, a home laptop, and a home desktop. My Yubikey has USB and NFC, so it can trivially be used with all of them. Individually enrolling each device would be a nightmare, and having the credentials sync is a bad idea from a security perspective.
Security: If your device gets compromised, it's pretty much game over: the attacker can now log in to all your accounts, any time they want. With a Yubikey I have to physically insert it and tap the button for each login - which is relatively rare because active sessions don't tend to expire. This means I would have to actively participate in a mass compromise of my accounts, making it way more likely to be noticed.
Passkeys is like embedded Yubikeys, or, Yubikeys are like external passkeys.
The point of passkeys that the key is kept inside a separate secure computer running secure blobs, so user codes can't touch it. That sounds sketchy but contactless payments using similar embedded secure computer has been fine so this should be too.
A couple of other people answered you already in a lot of detail, so I don’t have much to add there.
But I do recognize that really is a legitimate question and it feels like Yubi would benefit from running more outreach / promotion programs with schools and companies. I never felt like I could justify spending $50 just to try it out(especially when it doesn’t have support in a lot of sites), but then they partnered with Cloudflare to sell up to 5 per person at $10 each. It was a no-brainer to try it at that price and I haven’t looked back
