Set up an Asterisk box and connect it to a SIP trunking service (like Twilio or a bunch of other similar providers) to make and receive regular phone calls. Use the same provider to separately send and receive text messages (via the provider's web API). With a little elbow grease, you can replicate all the features of Google Voice using that (plus have a lot more possibilities for customization and automation).
The downside is that while you can get a basic set-up done over a weekend, it will probably take you much longer to actually get everything set up to your liking (and you'll probably need to do a lot of background reading and research just to figure out what you want to set up, how it all fits together, etc).
Yes. You can use a combination of the built-in passkey support on some of your devices (like the platform authenticators built into iOS, macOS, Windows, and Android), external hardware security keys (like YubiKey, Nitrokey, OnlyKey, etc), and/or third-party software-based authenticators (such as 1password).
Passkeys are not like passwords, where you typically register a single username+password combination for each account you use. Passkeys are more like SSH keys, where you typically register multiple SSH keys for each account you use, one for each device from which you want to access the account.
If you only use a single device or platform, it's possible to register just a single passkey for each online account you use. Even so, most technical-savvy folks will want to register at least two passkeys for each of their important accounts (to at minimum have at least one backup authenticator in case they loose access to the primary authenticator). And for accounts that you regularly access from different devices, if you find it convenient to use the built-in platform authenticator on each of those devices, you would register a separate passkey for the same account on each device.
The FAQ section of this page might help clear up some of the questions you have about passkeys:
Or you can use an external hardware security key; the latest versions of most security keys (like YubiKey 5, Nitrokey 3, etc) support Passkeys. Passkeys are basically just U2F 2.0, allowing you to use an asymmetric key pair as the first factor instead of the second.
Thanks for that, Yubikey notes that you cannot copy passkeys (this is good!), but now I'm wondering if I can have multiple passkeys (for a backup key)...
Yes, that's the CVE referenced by the Phoronix article and the oss-security post. The researchers coordinated their disclosure with the security teams from the major Linux distros, so packages with the fix should be available for most of them today.
"Makes money" in the sense that someone will pay some money for it, absolutely. "Makes money" in the sense that it will adequately compensate you (and your collaborators), almost certainly not.
Most successful businesses take years to build (at which point they suddenly look like an overnight success to outside observers). But you can definitely prove out the concept for a product (or several) in six months -- and decide then if it's worth continuing to pursue, or if it's time to go back to a paying job.
The tech industry as a whole is really diverse -- what you see in the news or promoted on Twitter, Facebook, etc is just a small part of it. Some parts of the industry are male-dominated, but there are lots of sectors and companies that aren't -- particularly if you step outside of Big Tech.
Comments aren't outdated. Obvious code doesn't need to be commented, and code should be written to be obvious where possible.
But where it's not possible to write obvious code, it should have comments explaining _why_ the code is doing what it's doing. Usually this will include references to external sources like issue trackers and software-design documents, or at least to other parts of the code.
Also, really hairy bits of code (like multi-page functions etc) often need comments just to explain what the heck it does (but in that case, it should also include an explanation of _why_ it's so hairy, and the ramifications to making changes to it).
_The Mythical Man-Month_ is still worth a read, although many of its insights that were super hot takes 50 years ago have been pretty much adopted into the mainstream.
Passkeys are better than really strong passwords: Passkeys' killer feature is that they are phishing-resistant. Phishing isn't just for "stupid people" -- even people who are quite careful with their security hygiene are susceptible to being phished in the right situation.
I empathize with your anxiety about losing a physical security device. I feel the same anxiety about losing access to my password manager. What helps me manage my anxiety is having a solid backup framework. The same applies to physical security devices -- having additional backup passkey devices help make me feel more comfortable that I'm not going to lock myself out of anything important.
> What helps me manage my anxiety is having a solid backup framework. ... having additional backup passkey devices help make me feel more comfortable that I'm not going to lock myself out of anything important.
Sure, but I'm wondering can you expect that from the average person?
I'm almost certain 99+% of people will be overburdened with this whole idea of setting up a backup framework etc, let alone have any idea about it.
This is why I feel like the whole thing mostly caters to tech aficionados.
Normal people can use Apple- or Google-provided cross-device Passkeys synchronization. You don't have to manage your own Passkeys if you don't have the wherewithal to do so.
Passkeys are a win for the tech-savvy because of phishing protection; and they're a win for non-tech-savvy people (and everyone who provides tech-support for them) because they don't have to worry about managing their own passwords anymore.
Sure, but in America, anybody can sue anybody for anything. Your lawyers are of course right that having a clause in a software license disclaiming all liability for its use could be helpful in your defense -- but it's not an ironclad guarantee that you will not be sued or even found liable for your contributions in the event that it causes some kind of catastrophe. If this is a major concern for you, you should probably avoid contributing to FOSS altogether.
However, if you don't own the software and don't distribute the software and don't have any other kind of relationship with the users of the software, it's likely going to require the plaintiff to demonstrate particularly egregious conduct on your part in order for a court to find that you have some liability for damages arising from the use of the software. But YMMV.
The downside is that while you can get a basic set-up done over a weekend, it will probably take you much longer to actually get everything set up to your liking (and you'll probably need to do a lot of background reading and research just to figure out what you want to set up, how it all fits together, etc).