maltfield

joined 1 year ago
[โ€“] maltfield@monero.town 5 points 1 year ago* (last edited 1 year ago)

I've paid myself nothing so-far. The price just barely breaks-even for the business. There's one-time costs like a few grand for a CNC'd injection mold and assembly jig, but also certification fees, product boxes, cardstock paper for documentation inserts, printing fees, artist commissions, packaging materials, warehousing, shipping, other logistics fees, etc.

All of this is explained in-detail in "The Finances" section here.

I prefer open-source hardware to be designed using common off-the-shelf items that are easily found everywhere in the world. Unfortunately, the one vendor of a USB-A magnetic breakaway couplers decided to EOL their product shortly after I published a guide on how to build your own BusKill cable. After we published, they all got sold-out, and we had to go to manufacturers for a custom component.

Prices would drop dramatically if we could do production runs (and actually sell) >10,000 units at a time. Currently we only sell a few cables per month. If you want to help, please tell all your security-conscious friends about BusKill :)

[โ€“] maltfield@monero.town 2 points 1 year ago

It should only be posted once to this community. It's also been cross-posted to other relevant communities.

[โ€“] maltfield@monero.town 4 points 1 year ago* (last edited 1 year ago) (2 children)

Unfortunately, that's what it costs to make open-source hardware at small-scale.

There's a cheaper $59 cable available or you could build your own.

[โ€“] maltfield@monero.town 8 points 1 year ago* (last edited 1 year ago)

Theft of high-risk users' data. Data could include private keys (eg theft of cryptocurrency assets), contacts of correspondence (eg sources of a journalist -- such as whistleblowers), etc.

For more information, see the Who Uses BusKill? section of the documentation.

[โ€“] maltfield@monero.town 0 points 1 year ago* (last edited 1 year ago)

I'm curious if any security engineers have covered this incident.

Stripe does support generating Restricted API Keys. With "Restricted API Keys" you're able to mint a key that can live on your e-commerce website that has permission to accept payments but does not have permission to modify your merchant account's payout methods (eg adding a new "Instant Payments" debit card to the merchant account as this attacker did).

Unfortunately, I've asked WooCommerce to support Restricted API Keys 1 year ago, but they marked it as "low priority"

...I would appreciate if more people would jump-in on ^ that ticket and scold WooCommerce so that they add support for Restricted API Keys ;)

[โ€“] maltfield@monero.town 3 points 1 year ago

Everything is blocked by beehaw lol

view more: โ€น prev next โ€บ