Dran @ Dran_Arcana @lemmy.world

Posts

0

Comments

472

Joined

2 yr. ago

The "problem" is that the more you understand the engineering, the less you believe Intel when they say they can fix it in microcode. Without writing an entire essay, the TL/DR is that the instability gets worse over time, and the only way that happens is if applied voltages are breaking down dielectric barriers within the chip. This damage is irreparable, 100% of chips in the wild are irreparably damaging themselves over time.

Even if Intel can slow the bleeding with microcode, they can't repair the damage, and every chip that has ever ran under the bad code will have a measurably shorter lifespan. For the average gamer, that sometimes hasn't even been the average warranty period.

I do generally believe actions are worse than words. But as with all things, there should be nuance here.

Are you maybe thinking of https://distr1.org/ made by the i3 guy?

That's... not remotely true? Linux can absolutely install kernel drivers. If you mean running windows games under wine then sure, but then we're no longer talking apples:apples. You could do the same thing on windows by running a game in a VM.

This is correct, as in windows a driver is the most straightforward method to runlevel0 access. It absolutely could at any time do exactly what crowdstrike did. But also so could Nvidia/amd with GPU drivers, your motherboard manufacturer with chipset and RGB drivers, etc. it's not quite the smoking gun people make it out to be, as there are a lot of legitimate reasons to have this kind of system access.

The egregious part was that crowdstrike users agreed to allow a vendor to bypass canary channels and deploy straight to their endpoints.

Yes and no. In the best case, endpoints have enough cached data to get us through that process. In the worst case, that's still a considerably smaller footprint to fix by hand before the rest of the infrastructure can fix itself.

With enough _autism in your overlay configs, sure, but in my environment tat leakage is still encrypted. It's far simpler to just accept leakage and encrypt the OS partition with a key that's never stored anywhere. If it gets lost, you rebuild the system from pxe. (Which is fine, because it only takes about 20 minutes and no data we care about exists there) If it's working correctly, the OS partition is still encrypted and protects any inadvertent data leakage from offline attacks.

We do this in a lot of areas with fslogix where there is heavy persistent data, it just never felt necessary to do that for endpoints where the persistent data partition is not much more than user settings and caches of convenience. Anything that is important is never stored solely on the endpoints, but it is nice to be able to reboot those servers without affecting downstream endpoints. If we had everything locally dependant on fslogix, I'd have to schedule building-wide outages for patching.

Separate persistent data and operating system partitions, ensure that every local network has small pxe servers, vpned (wireguard, etc) to a cdn with your base OS deployment images, that validate images based on CA and checksum before delivering, and give every user the ability to pxe boot and redeploy the non-data partition.

Bitlocker keys for the OS partition are irrelevant because nothing of value is stored on the OS partition, and keys for the data partition can be stored and passed via AD after the redeploy. If someone somehow deploys an image that isn't ours, it won't have keys to the data partition because it won't have a trust relationship with AD.

(This is actually what I do at work)

that is not and has never been my supposition

I never said I disagreed, just that reality isn't always congruent with equity and fairness.

Show me better data and I'd be glad to.

You're making a lot of assumptions about my choices. I choose to live well below my means because I don't want this to happen to me. I don't have pets, despite wanting them. I didn't buy a nice house on an expensive loan; I rent a small crappy place in a decently safe area. I don't buy cars on loans, I fix them myself until I need to buy a new one in cash.. I live as if I make half as much as I do, and have done so since working my way through school.

She should be making 40+/HR for what she does. Hard work out in the sun all day is brutal and should be adequately compensated. But until society figures it's shit out, people have to be willing to make hard choices. It can be done, it's just hard and people generally don't like making hard choices.

I'm just operating on the information I was given. In a vacuum, all other things being equal, animals are a net cost, one she clearly cannot afford. I'm not speculating any more than that.

I would criticize anyone wasting money on an animal while living so close to their means that homelessness could conceivably be in their near future. Sometimes you have to make choices you don't want to; she probably never had the means to support those animals. The argument isn't that she should get rid of them, it's that she never should have had them in the first place. Animals are expensive, and I also wonder what she could do now if she had all the money she spent on them over the years of ownership.

To be clear, I'm not advocating for $20/hr being considered a livable wage. Disney should be ashamed. Anyone working a full time job should be able to afford a pet if they want one. I just also believe in personal accountability.

Endpoint is any PC/laptop/sign/POS/etc. It's a catchall term for anything that isn't a server. it basically refers to any machine that might be logged into and used by a non-IT user.

I've heard anecdotally that some 911 services were down in my area, but I can't speak to how wide that was.

Those people exist

can confirm; am a small government fiscal conservative who thinks gays are people.

I think the vision was what Motorola delivered briefly a decade ago with webtop. The original version of it was a chrooted lubuntu with full access to apt, and custom applications that let you render your phone, or phone apps as an application. It was powerful enough to get me through my first 3 years of a computer science program in college with a lapdock as my primary "computer". (Think a brainless laptop, that you dock your phone into)

https://arstechnica.com/gadgets/2011/03/motorola-atrix-the-ubuntu-powered-webtop-experience/

When they moved from android 2.3 to 4.0, they dropped the lubuntu webtop in favor of Android's tablet mode, which was a huge bummer, and what made me get an actual laptop. Outside of gaming, if that were the average computer paradigm today I'd be a happy camper. Why buy two computers when you can buy one instead?

Why are you being downvoted? Is there something I'm missing with the generally accepted reliability of the source or the methodology in the research?