Question About TPM Autodecrypt
Laser (@Laser@feddit.de) | Posts 0 | Comments 309 | Joined 2 yr. ago
There also needs to be a differentiation between different levels of pain. The case like you described seems like one where opioids are warranted. An opioid addiction is the lesser of two evils here. But if someone has chronic back pain because they sit all day and are overweight (not trying to shift blame here), opioids are an overkill and all painkillers can only be stopgap measures to tackle the root issues.
This old trope
In fact tech has always been a very deflationary sector (as in the longer you wait, the more you get for your money) yet it's pretty profitable. Nobody would ever get a phone by that logic
I always install Simon Tatham's puzzle collection on all my devices, if you can look past the dated UI, there are a ton of good games in there
In defense of systemd-resolved, it's meant for static configurations. I absolutely love it for my stationary machines for its simplicity and tooling. However, for machines that might need to change settings at one point - say notebooks - I'd never consider it. Same for systemd-networkd.
It's nice to configure your programs similar to the rest of your system (a lot of programs have modules in home-manager), on the other hand using home-manager always feels somewhat iffy to me because some configurations require root commands to apply your user configuration changes, or you're missing out on certain home-manager features like using global packages I think.
It was if you pretend anything before service pack 1 didn't happen, I saw so many infected machines back then it wasn't even funny. And I guess the more professional users saw it as a downgrade from Windows 2000.
it wouldn't be the first time a Windows version bombs so bad in favor of its predecessor that they have to roll things back immediately, so we have a pretty clear picture of what that would look like.
The question is, would they care? End user business is a rather small position on their balance sheet I'd guess, it's rather big support contracts and Azure. Let the individual users complain for a while, they've eaten all the shit over the years anyways, they'll swallow another turd. My current employer justified switching from a Linux based system to Windows which took huge efforts with huge amounts of copium ("they've given in and understood our demands!") yet I bet more issues will arrive when Windows 10 support expires.
Businesses won't switch anyways, they never did in huge numbers, and private users are good at complaining and sometimes even holding out on old versions but once storage gets encrypted by ransomware that got in through unpatched security flaws in their no longer supported version of Windows, they'll pay up anyways.
But I guess MS just says this idea out loud now so that people can get enraged and then they'll do something less shitty and everyone will be like "we won! There's no subscription!"
Enshittification referred to products and services that were previously good
That's a DVD
It's especially disingenuous because removing a post by definition isn't censorship, but one could argue that only allowing comments by flaired users is much closer to it.
You're actually right that it seems to use parts of it:
It uses low-level mechanisms from the Nix package manager, but packages are defined as native Guile modules, using extensions to the Scheme language—which makes it nicely hackable.
As such, the packages look largely different:
(define-public hello
  (package
    (name "hello")
    (version "2.10")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/hello/hello-" version
                                  ".tar.gz"))
              (sha256
               (base32
                "0ssi1wpaf7plaswqqjwigppsg5fyh99vdlb9kzl7c9lng89ndq1i"))))
    (build-system gnu-build-system)
    (synopsis "Hello, GNU world: An example GNU package")
    (description
     "GNU Hello prints the message \"Hello, world!\" and then exits. It
serves as an example of standard GNU coding practices. As such, it supports
command-line arguments, multiple languages, and so on.")
    (home-page "https://www.gnu.org/software/hello/")
    (license gpl3+)))
vs
{ callPackage
, lib
, stdenv
, fetchurl
, nixos
, testers
, hello
}:

stdenv.mkDerivation (finalAttrs: {
  pname = "hello";
  version = "2.12.1";

  src = fetchurl {
    url = "mirror://gnu/hello/hello-${finalAttrs.version}.tar.gz";
    sha256 = "sha256-jZkUKv2SV28wsM18tCqNxoCZmLxdYH2Idh9RLibH2yA=";
  };

  [...]

  meta = with lib; {
    description = "A program that produces a familiar, friendly greeting";
    longDescription = ''
      GNU Hello is a program that prints "Hello, world!" when you run it.
      It is fully customizable.
    '';
    homepage = "https://www.gnu.org/software/hello/manual/";
    changelog = "https://git.savannah.gnu.org/cgit/hello.git/plain/NEWS?h=v${finalAttrs.version}";
    license = licenses.gpl3Plus;
    maintainers = [ maintainers.eelco ];
    mainProgram = "hello";
    platforms = platforms.all;
  };
})
Also note that NixOS' repository is one of the biggest among all distributions while Guix System only hosts free software.
It's "inspired" by Nix, but they're otherwise not related in any way.
systemd-boot is basically gummiboot with an interface to systemd so that the latter can get information on boot time in firmware and stuff. I prefer a boot loader instead of Efistub because it allows easier configuration of boot options etc. but it just comes down to personal preference
First, I'd personally always opt for systemd-boot instead of GRUB when I have the choice. GRUB is just very complex and systemd-boot rather simple.
Getting Secure Boot to work isn't always trivial, especially since mainboards and TPMs don't always document how enrolling your own keys works.
What do you mean by that? TPM and Secure boot do not manage encryption, but rather authentication and key management aspects. You still need an unencrypted UEFI partition storing your EFI binaries. This partition is always readable by an attacker, however any changes to binaries will make booting fail. Also no secrets should be stored here.
yEnc isn't a cipher, but rather an encoding for mapping binary to text, similar to base64 (but much more effective). So this denotes yEnc encoding.
The files you're seeing are PAR2 files, which are used for repairing. They're useless without the base file. The file in your example contains 32 recovery blocks. That means if your base file has 32 or less damaged blocks, this parity file can repair it.
Usually, you'd download all files belonging together in a single download and let your downloader do the rest. This is normally done by loading an NZB file that you either get from a Usenet search engine or an indexer.
things that do not work, and not minor edge cases either but major features like screen recording, games
Sure thing. I use Wayland exclusively and have been able to play and stream games no problem. Screen capture, window capture, both work. So I don't know where these comments are coming from nowadays.
one of two major graphics cards vendors
Let me just take this opportunity to say Nvidia can get fucked, I can't wait for the entertainment Linux 6.6 will bring.
remote desktop
Yeah. On the other hand, providing the desktop functionality over network is kind of an edge case: it makes sense to me to keep it out of the core protocol, otherwise even systems that don't even have network access would need to include it if they implement the Wayland protocol. Nobody is stopping anyone from developing a protocol for secure remote input.
significant applications not working
If your significant application includes e.g. Microsoft Word or Adobe Photoshop, X11 won't help you either.
Today I can install any game, any application on Linux and know it works with X11, no ifs, no “only on that vendor”, no “only on the latest unreleased bleeding edge version”. Why should I give that up for years of Wayland pain just to get back to where I started minus the things Wayland will never implement like network transparency.
I don't have a single case here where something works on X11, but not on Wayland. Except for my old Nvidia Optimus card, but that's so old it doesn't even work properly under Xorg anymore it feels like. But since I don't game on it anymore it doesn't matter, chip is 10 years old at this point and I just don't buy Nvidia anymore.
You're most likely not using X11 network transparency anyways. At first approximation, no one is. What most people rather do is forward X over SSH. For Wayland, waypipe exists and covers the same use case.
Dude, why are you so annoying about this topic? sway is a very good tiling window manager that IIRC two years ago was able to do things X11 based window managers will never be able to (different VRR on multiple monitors) and it's basically the reference manager for wlroots, a library implementing the Wayland functionality. I've been using Wayland exclusively since about 2021 and I can say all my stuff now works better than under X11. Does it mean everything under the sun works better or is possible? Probably not, but at the same time, the people putting in the work have decided that the old concept was no longer maintainable for them and no one else is willing to pick it up.
This is not how this works. The bits are never decrypted on your disk / partition. If that was the case, a power loss would leave your device decrypted as well, and that is something a potential attacker might have control over.
What actually happens is that encrypted data is read from disk by the CPU, decrypted by the CPU and then written to RAM unencrypted. Unencrypted data should NEVER be written to non-volatile memory (the necessary exceptions, like the boot image, apply).