Badabinski

neovim to the rescue.

Wireguard was written with the explicit goal of having sane, secure defaults. I totally feel you w.r.t. openvpn or ipsec, since it's easy to do something wrong. Wireguard is much easier because it simply refuses to give you the choice to do things incorrectly.

w.r.t. the certificate thing, you could set up a reverse proxy and do HSTS to ensure nobody can load up a rogue CA on your devices. HSTS has the issue that SSH has (trust on first use or whatever it's called), but you just need to make sure nobody is MITM you for that first connecting and then you'll be good to go. This would let you use a self-signed certificate if you do desired.

I was concerned about what happens when someone accidentally throws away a device with a fresh battery, but this:

The BV100 harnesses energy from the radioactive decay of its nickel-63 core. The two-micron thick core, sandwiched between two 10-micron thick diamond semiconductors

makes me feel a bit better. That really isn't much radioactive material. Still, it'd be good to see some environmental impact studies done in some worst case scenarios.

Huh, sounds like a neat twist on the accelerator driven subcritical reactor. I've no idea what the viability will be, but it also seems like a nice way to generate useful isotopes for nuclear medicine and shit.

EDIT: ah, it's actually a pretty old idea, it predates the accelerator reactor concept by quite a bit.

Possibly incorrect summary: Android is moving from a bazaar development style to a cathedral development style if I understand it correctly.

For people like me who lack context:

Authelia is an open-source authentication and authorization server and portal fulfilling the identity and access management (IAM) role of information security in providing multi-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for common reverse proxies.