
  • The operative word, which you quoted, is "relatively".

  • Because it's relevant? Is this not factual information that readers may or may not have known?

    The availability of hardware changes by a not-negligent degree based on the legality of acquiring it.

    Curious readers likely find information indicating that these shouldn't be readily available at your local big box store to be pertinent information.

  • Sounds like a nightmare for security, and a dream for attackers.

    More companies need to do this, solid job security.

  • I love the Linux bros coming out of the woodwork on this one when this could very well have been Linux on the receiving end of this shit show. Given that it's a kernel-level software issue, and not necessarily an OS one.

    It's largely infeasible to use Linux for many, most, of these endpoints. But facts are hard.

  • No, still a shit show at airports at the time of writing.

    Lots of kiosks, screens, and other devices still show BSODs in airports. Systems still slow and unstable.

    Likely similar in other industries.

  • To be fair, this seems to be the sentiment on most Linux and Linux-ancillary forums.

    Which, while wrong and ignorant on multiple levels, seems on brand nonetheless.

  • Lol good fuckin luck.

    In a corporate environment you just aren't getting what you need out of Linux that you don't of Windows for many of the kinds of endpoints affected.

  • How do you deal with places with thousands of remote endpoints??

  • Depends. Our engineering Slack (few thousand members) doesn't contain secrets for a few reasons:

    1. Secret scanning
    2. We have a /secret bot that will take your secret, store it securely, and then present a GUI for each person with access to display that secret "for just that person". And then after a set period of time it's made inaccessible, and wiped from the infra.
    3. Training and knowledge transfer on secret security

    This has been incredibly effective. Especially the secret bot.

    Turns out that the problem with people sharing secrets is just a matter of convenience. If you make a secure way convenient then everyone tends to just use it by default.

  • Just because it's not marketed doesn't mean it's not offered

  • Your logic isn't making sense.

    The code would end up somewhere for others to use...? What?

    One-off products or beta offerings are often kept private, sometimes indefinitely.

  • Lol, you think democracy voters are now going to vote for the rapist with 34 felonies?

    Uh... Yes?

    They don't care. They only care about voting along party lines.

    Literally every single Republican that I know, even the left-leaning ones and even the ones who are going to be immediately and purposefully harmed by a Trump administration, is still voting for Trump.

    It's insane.

  • Doesn't matter if you're first, second or 5th.

    You're going to get the camp treatment anyways.

    We don't learn from history.

    First they came for the socialists, and I did not speak out—because I was not a socialist.

    Then they came for the trade unionists, and I did not speak out—because I was not a trade unionist.

    Then they came for the Jews, and I did not speak out—because I was not a Jew.

    Then they came for me—and there was no one left to speak for me.

    —Martin Niemöller

  • And now you know why he's donating to the Trump campaign.

    Because with the shift of power with Project 2025 he can actually do this.

  • Yes, but it pushes it to an operating system level, and that means everyone wins as the operating system solutions improve as vulnerabilities are found and resolved.

    You also don't need RCE access to exfiltrate data. If decrypted keys are held in memory, that mitigates an entire class of vulnerabilities from other applications causing your private chats to leak.

    Full disk encryption is not a solution here. Any application that's already running which can provide read only file system access to an attacker is not going to be affected by your full disk encryption.

  • They don't necessarily need RCE access.

    Also this isn't how security works. Please refer to the Swiss cheese model.

    Unless you can guarantee that every application ever installed on every computer will always be secure under every circumstance, then you're already breaking your security model.

    An application may expose a vulnerable web server which may allow read-only file system access without exposing the user to any direct control of their computer from an attacker. Now your lack of security posture for your application (Signal) has a shared fate with any other application anyone else built.

    This is just one of many easy examples that are counter to your argument here.

  • That's literally how a stutter works my man.

    The wrong words come out sometimes even if you know what you were about to say.

    This seems to be the case here as evidenced by the rest of the press conference being smooth as butter.

    But no one seems to care how well things went when you have a single-phrase fuck-up early on. Answering questions effectively and intelligently later on means nothing when you can focus on something that brings in drama points for your average voter to suck on ...

  • I know, and then he carried on with the rest of the press conference pretty damn eloquently when it came to unscripted questions.

    Yet all the media wants to focus on is a train-of-thought fuck-up.

    I do this shit all the goddamn time, does this mean I am old and decrepit? Senile? No it just means that I fuck up words periodically.

    Unfortunately American voters only want one thing, red or blue, and that's drama. Which is asinine.

  • This is exactly it. Reddit right now is what our society is like. This is the lowest common denominator.

    EVERY forum and community online will always approach the lowest common denominator as its size grows. This has always been the case on Reddit, where niche communities lose their niche to the lowest common denominator.

    The only way to avoid this is active moderation, clear quality expectations, and a strong stance on what does and does not belong in a community.