buddylw's comments

No one said morality was easy.


Well, there’s one thing I know didn’t cause this: an IPv6 DDoS attack. GitHub, in 2023, is somehow still immune to all IPv6 attacks.


Not quite true: github.github.io (aka github pages) has an AAAA record and should be fully accessible over IPv6.


If they add IPv6 support I’ll forgive them, but I lost hope a long time ago. It’s almost comical now.


I don’t really like this view of the world. I think they are correct about the lack of certainty and doing things while you can, but often big goals, like having a child, professional success, monetary success, etc. can cause us to miss life, too. Everything is a trade-off. There’s always opportunity cost and you can always look back and see what you may have sacrificed to get where you are.

It’s needlessly depressing to wallow in this mindset. I personally value being a good person and my connections with people. Sure I could focus this energy on one human I bring into the world, but that’s not objectively better than anyone else I affect positively.

And I know having a child is a transformative experience. I’m lucky enough to have lots of little cousins and have volunteered with programs for kids for years. Kids are amazing and bring magic to the world as you grow older. I just think that wrapping all of your identity and self-worth up in a single goal is asking for disappointment. It’s not fair to you or the child.

Try to appreciate your real impact on the world. Did you improve someone’s day today? Did you restore someone’s faith in humanity? Is someone comforted right now by their trust in you? That’s the good stuff. Make that happen any way you can.

If you do want a child, go for it. Time IS ticking, but if you can’t or didn’t or are considering bringing one into a bad situation or relationship to quell an existential fear, don’t worry. It’s fine. You can still find meaning and have an impact through your connections with others.


It’s possible, but I doubt they willingly sold their credentials. It’s more likely that they were scraped by some other means and sold.


I really like having TOTP functionality. I use a YubiKey for TOTP and boot into an air-gapped machine with KeePass to store the TOTP codes in case I lose or break the YubiKey. I don’t store TOTP codes in my main password manager, but it’s not completely insane. You’re screwed if someone gets your decrypted password database, but you’re still protected from most other attack vectors.


I read much of my waking hours for work, entertainment, and personal growth. It just isn’t usually (for better or worse) in the form of a book.


I’m not going to pretend I know the future or anything, but I will say that, while this is a common series of events, #4 can absolutely go two different ways. Everyone loves a good underdog story, but I also wouldn’t say that winning is the most common outcome.


Security has always been relative. I feel much safer knowing that an exploit like this is worth hundreds of thousands or even millions of dollars.

It keeps them closely guarded and selective about use. All of that makes me an unlikely target and reduces individual risk.


> I feel much safer knowing that an exploit like this is worth hundreds of thousands or even millions of dollars.

I don't. Look at how much companies like Apple pay out for responsible disclosure if they pay out at all, and then compare it to what exploits go for on the grey/black market. Typically the buyers have deep pockets and burning millions of dollars wouldn't make them blink.


Why does it matter if it’s the “good guys” or “bad guys” paying?

If a vulnerability only cost ~$100 then a malicious person could compromise an ex-lover’s phone, for example. The fact that they are expensive means that their use is limited to targeted, strategic attacks. You don’t have to agree that those attacks are good, but surely pricing the average person out of 0-days is better than the alternative.


> The fact that they are expensive means that their use is limited to targeted, strategic attacks.

There are organized crime networks that pull in billions of dollars of revenue a year. If they wanted to pull off dragnet fraud, for example, they have the funds to do so.


> Why does it matter if it’s the “good guys” or “bad guys” paying?

Who do you think are more likely to use the vuln/exploit on regular everyday users? The nation state people are going to use it on targeted persons/groups (typically) while the "bad guys" are going to use it so they get the greatest bang for their buck.


Or the nation state uses it against everyone in a dragnet operation? Also, specifically targeted people by nation states often are "regular everyday users". They just happened to draw the ire of the wrong person.


But still, I feel relatively safe knowing/thinking that the Saudi government doesn’t want to hack my iPhone.


Organized crime might, as they orchestrate fraud, blackmail, etc. networks all over the world.


It makes me wonder what people like Bill Gates or Jeff Bezos use for their phone security.

For sure they are much more interesting targets than I am, therefore burning a few 0-days might be worth the effort.


Wasn't Bezos's phone hacked by the Saudis?


Oh, didn't know that.


When I was in high school in the late ’90s, I was really into exploring networks and systems I wasn’t supposed to be in, but it was always about learning technology for me. I found this tool to be extremely creepy.

I discovered that my local ISP had the finger port open on their dial-up gateway. Since usernames were first letter + last name, I could look up any IP addresses I found in my local firewall logs basically by name.

I saw someone trying to connect to this port and knew exactly who was scanning for this and eventually found a honeypot listener that would allow attackers to connect, but let you control the data sent back. I can’t remember exactly what I sent, but I called out the attacker by name when he connected to my machine and he never scanned me again.

