HackerTrans
TopNewTrendsCommentsPastAskShowJobs

devops99

no profile record

comments

devops99
·2 lata temu·discuss
[dead]
devops99
·2 lata temu·discuss
[dead]
devops99
·2 lata temu·discuss
[dead]
devops99
·2 lata temu·discuss
[dead]
devops99
·2 lata temu·discuss
[dead]
devops99
·2 lata temu·discuss
Did Spafford threaten the neighbors directly?

In a legal context, and also the real world sans a legal context, words do have meaning and words do matter. I don't see anything in the article that Spafford terrorized anyone.

Whether Spafford intended to terrorize anyone in the future is another matter, and a matter of legitimate and serious concern. But we must not confuse this with "terrorized" (past tense) if we are going to discuss the matter in a sane and sober way.
devops99
·2 lata temu·discuss
Thank you for prompting attention to the switcheroo.

This angle of attack is generally unheard of, but should be considered. I can think of some mitigations that can work.

Tamper-evident materials are well-known by the crowds that will target users. There are many criminals among us, so many that those who don't have criminal psychology have a hard time wrapping their mind around it. Given this, I am cynical, and every defense within reasonable cost should be leveraged.
devops99
·2 lata temu·discuss
Why "fight the bots" anyway? If software that is acting out the will of some humans somewhere is retrieving static contents, what's the big deal?
devops99
·2 lata temu·discuss
[dead]
devops99
·2 lata temu·discuss
This here is a stronger motivator than any other motivator mentioned in all other comments posted. And "journalist" will include anyone who has the "wrong" memes on their machine.
devops99
·2 lata temu·discuss
The more inexpensive option of the newer Trezor wallets and "login PIN" as an optional alternative to a password that also works, seems to be the best option (that I have seen so far).

The more recently released Trezor wallets are still new, and Yubikey 5C will probably be used in many places anyway just because of the keyring and no need for the usb-c cable.
devops99
·2 lata temu·discuss
Your hammer is preempted by a teethed hollow point bullet to the face (in the hypothetical scenario, of course).
devops99
·2 lata temu·discuss
> vs. FDE with a boot key stored in some cloud service secured with the user's password instead of a TPM

Without secure boot (backed by TPM), I can boot a small USB device that has LEDs on it to indicate to me that the target system has been infected to send me a copy of the target's password, after I already imaged the disk (or when I have another team member steal it or take it by force later).

If there's a UEFI password to access UEFI settings, I can reset it in under 20 minutes with physical access. Some tamper-evident tape on the laptop casing may stop me if I haven't already had a resource intrude into the target's home/office to have some replacement tamper-evident sticker material ready. Very very few places, even some really smart ones, make use tamper-evident material. Glitter+glue tamper-evident seals are something I can't spoof though.

It's not that hard to get into a hotel room. Often enough if a business books a hotel for you it's because they want access to your laptop while you're at lunch with another employee who so kindly suggests to leave your backpack in the hotel room.

disclaimer: all above is fictional and for educational and entertainment purposes only
devops99
·2 lata temu·discuss
I agree. TPM defends against the most likely threat that typical users are facing. And, where users that are individually targeted, the theft/robbery will more often than not be designed to appear "random".

Because TPM sniffers are now at a material cost of about $15 and can be acquired for a price at under $200, more than a TPM is needed for data encryption, especially for users like a CEO. This is why a firm I used to work for encrypted the key that could unlock user data with both TPM plus Yubikey.
devops99
·2 lata temu·discuss
> there is no standardisation in connectors, pinout, or bus type when it's not soldered onto the board. I have three motherboards with plug-in TPMs and each required a different, unique part that was difficult to source.

This should be prohibited by commercial law.
devops99
·2 lata temu·discuss
We have had "FDE" and secure boot with TPM in higher-than-commercial (defense) and the higher end of commercial settings for Linux, BSD, and illumos since TPM 1.2 was available, and I'd have to dig in some places to confirm but probably before Windows did in actual practice anywhere (let alone officially).

Yeah, Debian/Ubuntu, Fedora, etc didn't have this, but as the saying goes: you get what you pay for. Although enough of the Gentoo users (the real Gentoo users) have such a thing had it around that time too, if they wanted it (and they tend to put together what they want).

Some essential context: if you think the "Linux community" is elitist, wait until you see the niche commercial (and higher) players. I'm probably an example of such, to be fair.
devops99
·2 lata temu·discuss
[flagged]
devops99
·2 lata temu·discuss
Common use cases, are, "as a Developer / DevOps practitioner, I want for":

  - a client (company I do contract work for) sees a different source address that is different than the source address I use for casual browsing+posting.

  - two SaaS used for purposes of servicing agreement with "client" don't see the same source IP address as used for other clients.

  - a bank I use, and PayPal, always sees the same source IP address dedicated to my VPN account only and for this purpose.

  - the tunnel (VPN) provider I use for casual browsing+posting does not see the destination IP address of my client's VPN.

  - whatever first-hop ISP I use sees one single Wireguard tunnel and nothing else ever.

  - the first-hop Wireguard tunnel is paid for with a pre-paid debit card, but any outbound TOR traffic is encapsulated by a secondary tunnel paid for with crypto.

  - the TOR circuit used for browsing purpose A is not also shared by browsing purpose B.

  - any arbitrary outbound tunnel is specific to the container or VM I intended to use but doesn't carry, nor has any risk of carrying, any of my other traffic.

Tor is important to me because I have a right to read.

There is no crime within Common Law for any of the above. Nor is there any violation of any statute for which any of the above is, per doctrine of minimum contact (such as with a pre-paid debit card), within jurisdiction of statute.

Perhaps some users do operate with some concern of being "busted", but most users that do outbound network path management do not operate with this concern.
devops99
·2 lata temu·discuss
Those are big words for someone who openly admits to running binary blobs in the kernel of the device carried on-person.
devops99
·2 lata temu·discuss
[flagged]