You're posing a good question but, if you look at things from this perspective, then every time you type the password to decrypt your private key you should worry about the possibility of some software running on your machine reading it and sending it somewhere.
While you pose a valid concern, I think most people don't have to worry about this. The reason is that printing private keys isn't a common practice, so I think it's unlikely that nation-states mandate backdoors in printer firmware to collect private keys, and most people don't have to worry about targeted attacks.
EDIT: On second thought, your comment reminded me of that creepy time many years ago when a printer randomly regurgitated a partial print of a document I printed some time before (read: days or even weeks before), clearly showing that the printer kept it somewhere in memory. So it's still possible that some printers memorize what you print. IIRC it was a Brother printer. At the end of the day, you can't account for every possible attack vector. Pick a reasonable threat model and act accordingly.
This certainly applies to office printers. Printers that accept new jobs while printing have to store them somewhere. There have been many incidents of finding old documents on disposed printers because it doesn’t occur to anyone to wipe them first. This especially applies to “copiers”, because a copier is just a printer in the same box as a scanner.
But that wasn't an office printer. Yes, printers do have some memory to store what they need to print, but surely I didn't expect a document to linger there for weeks. Anyway, you're right: we may have to look at printers differently.
There was a conspiracy theory that China was buying old office printers/scanners hoping to recover secret documents remaining in the cache. Plausible, but seems like a lot of effort hoping for a diamond in the rough when I expect 99% of prints are boring day-to-day information.
> every time you type the password to decrypt your private key you should worry about the possibility of some software running on your machine reading it and sending it somewhere.
Yes, I believe you should. On OSes without sandboxing and protections against exfiltration, this is a substantial concern. And you’d be foolish to e.g. keep a bitcoin private key lying around in your home dir. For this same reason, I think the common practice of leaving non-password-protected SSH keys in ~/.ssh is terrible.
Sure it's a bad idea to not encrypt your private keys, but the point here was that, even if you encrypt them, they will be unencrypted when you need to use them.
In this situation you would have someone with actual knowledge of the mechanics involved do the computation using the actual data (e.g., what's the mass of the train? Which kind of brakes does it have?) instead of asking an LLM and trusting it to give the correct answer without checking.
Assuming you could find an expert like that in time, and that they will then be able to understand and solve the problem fast enough to still be helpful.
If you need the answer within a couple hours, you can probably get it from an expert; if you need to get an actionable answer within minutes, based on some back-of-the-envelope calculations, then a SOTA LLM is a much safer bet than flagging whoever seems the smartest in the room and asking them for help.
Judging from your comment, it seems that your statistical sample is heavily biased as well, as you are interacting with people that can't afford a laptop. That's not representative of the average person.
Not an expert in this area, but I think that that "just" is hiding a lot of complexity. Plus you also need some remotely operated robots to mount the replacement.
Yes, this is it. A C compiler in 50 kilobytes of code is pretty innovative.
It also doesn't lie about the "almost". It's really almost C. It's just that C's stdlib is POSIX centric and doesn't fit Forth well, so it's not implemented as is.
It is also interesting in the fact that it is extremely tiny in terms of lines of code, and the approach they took to minimize its codebase is original.