noride @ noride @lemm.ee

Posts

0

Comments

276

Joined

2 yr. ago

Yeah, guilt can be inferred when pleading the 5th in a civil trial because you are effectively refusing to refute anything said against you.

OP mentioned it so casually, I just assumed I was dumber than usual today.

For what it's worth, I did specifically say ecosystem because the TPM is just one component, which is required to authenticate the remote wipe. Also the drivers are installed automatically with most modern operating systems, it's not like you install your own south bridge driver, for example. Linux of course notwithstanding.

I've seen it used successfully numerous times. Someone steals one of our laptops, rips the drive out, installs vanilla windows, and boom it reboots and performs a wipe.

Regardless, system-on-a-chip are just that, systems; they can absolutely make remote calls without user interaction, just as intimated by the comment you originally replied to.

That really isn't entirely true anymore since the TPM ecosystem came into existence. I can remotely wipe any pc at my company even if it's stolen and reformatted because a hardware chip will phone home the second a compatible os is installed and internet access is available.

It's always so strange to me that we don't see the same bombastic support from the tankies over news like this, surely this is another genius move which underscores the futility of Western sanctions, right? Another 5d chess move to bring Ukraine to it's knees, or dismantle the petrodollar, surely? 🙃

Yeah, if you use your own password cipher, you never have to memorize a password again. Just derive it based on some common input value, like the company name or url. Makes password rotation tricky, though, and it's a pain when a website won't allow a special character you generally use, creating "one offs" that are hard to track.

That's where the term "chain smoking" comes from, one after another all day long.

Fwiw, most modern thermostats have an emergency failsafe temp setting that will always turn the heater on when reached, even if inadvertently set lower by mistake. Saved my bacon in a rental once.

I hope I don't get flayed for saying this, but I actually had this problem on Windows once, and it turned out to be thermal throttling of the CPU. I was going from 4+ghz to around 200mhz and then it would shoot back to normal. Just needed a thorough cleaning of the fans and ducting.

Thought it was worth mentioning on the off chance it might help someone.

Wow. I'd get the marshmallows out so I don't have to get roasted alone.

That makes sense! Believe it or not it's actually easier for an ISP to block a whole country than select websites and services. We actually null route all Russian public IP space where I work, that would absolutely be plausible on a national scale as well.

It's imperfect, you can get around it, but it catches 99% of normal users, which is the goal.

You are absolutely correct, I should have lead with that. Encrypted client handshake means no one can see what certificate you are trying to request from the remote end of your connection, even your ISP.

However, It's worth noting though that if I am your ISP and I see you connecting to say public IP 8.8.8.8 over https (443) I don't need to see the SNI flag to know you're accessing something at Google.

First, I have a list of IP addresses of known blocked sites, I will just drop any traffic destined to that address, no other magic needed.

Second, if you target an IP that isn't blocked outright, and I can't see your SNI flag, I can still try to reverse lookup the IP myself and perform a block on your connection if the returned record matches a restricted pattern, say google.com.

VPN gets around all of these problems, provided you egress somewhere less restrictive.

Hope that helps clarify.

Yeah, even if they miss your DNS request, the ISP can still do a reverse lookup on the destination IP you're attempting to connect to and just drop the traffic silently. That is pretty rare though, at least in US, mainly because It costs money to enforce restrictions like that at scale, which means blocking things isn't profitable. However, slurping up your DNS requests can allow them to feed you false error pages, littered with profitable ads, all under the guies of enforcing copyright protections.

Most ISP blocking is pretty superficial, usually just at the DNS level, you should be fine in the vast majority of cases. While parsing for the SNI flag on the client hello is technically possible, it's computationally expensive at scale, and generally avoided outside of enterprise networks.

With that siad, When in doubt, VPN out. ;)

You're absolutely begging for moisture problems if you put spray foam in there. It should be open exactly like it is, albeit cut closer to the wall. That really won't stop bugs anyway, you're much better off treating the perimeter and plugging exterior access holes.

DO NOT PUT SPRAY FOAM ON YOUR BASEBOARD RADIATORS MAN!!!! They need service occasionally and you are setting yourself up for an absolute nightmare if you get a leak!!!!

Put down diatomaceous earth or a light dusting of boric acid powder into the crack. Problem solved forever.

That's a "floating floor", looks like vinyl plank, it shouldn't be anchored to the walls. I have the exact same setup with my baseboard radiators.