i don't get people who insist on powering their computer down (re: post complaining about the new mac mini having a silly location for the power button)

anxious bigender dudebro

some people seem to have strong opinions on this and i just don't get it

it's just "suspend, but worse", it's still shutting off power to a bunch of stuff, the only practical difference is whether it continues to refresh dram, why wouldn't you want that?

Asta [AMP]

@[email protected] to be fair, that assumes the software stack is working properly for the hardware and optimized for it. I have a dell laptop with a tiger lake CPU and they basically totally redid what sleep states were enabled and it's shit, battery life wise.

Also, I replaced the CMOS battery on my desktop but suspend still fucks up the clock so I generally do shut it down rather than relying on suspend like I would like. I'm assuming maybe there's something damaged on the motherboard or something.

But when the hardware and software are working properly, I definitely prefer sleep/suspend.

anxious bigender dudebro

@aud yeah i guess i just haven't personally seen these kinds of bugs in years. i may just have gotten lucky, i don't buy computers often so i've really only had a handful of machines since the era when suspend was an unreliable mess

but yeah i've just not had a machine that couldn't suspend reliably since college, including random kinda old cheap laptops

Asta [AMP]

@[email protected] I can't imagine this even applies to like, nation-state-paranoid-hacker-security-levels, but I feel like suspend as a rule would also make a "cold boot attack" easier, right? In that the memory is kept from going stale.

but like, I literally can't imagine what level of security and what type of risks are at stake to consider this a necessary thing to defend against.

(wiki link for anyone reading who hadn't heard of a cold boot attack before, which was me a few months ago: https://en.wikipedia.org/wiki/Cold_boot_attack also, shoutout to William Gibson for including this as a very very minor thing in Neuromancer)

Asta [AMP]

@[email protected] honestly, yeah, I was super fucking disappointed when I realized it was basically going full bore power drain on suspend. It's gotten better with patches and newer linux versions but I foolishly thought "sleep" was a thing that had been solved.

Of course, webcams were also 'solved' in a lot of ways and my god did Intel find a way to fuck that up, so maybe that's just an Intel thing.

anxious bigender dudebro

@aud oh yeah see i just don't care about security :blob_tonguewink:

anxious bigender dudebro

@aud oh webcams have always been a source of pain for me

there've been good ones for years but there never stopped being bad ones

Asta [AMP]

@[email protected]

you, walking into your office, seeing me elbow deep in your desktop with thermo gloves and goggles on, freezing and unsocketing your RAM: "aw shit"

Asta [AMP]

@[email protected] intel: "what if... what if they weren't connected via an internal USB type interface... but instead something proprietary? oh ho ho, intel, you're a genius"

Irenes (many)

@aud @x4nw people with that threat model (hi) should be making sure high-impact credentials never live in RAM on user-facing machines.

unfortunately, servers do not have that luxury since they must be able to do unattended operations. servers also do not have the luxury of turning off. so in the final analysis, suspend is not highly relevant.

Irenes (many)

@aud @x4nw (we do think that anyone involved in political organizing should up their threat model, to the extent that they can do so practically.)

Asta [AMP]

@[email protected] @[email protected] I have my server encrypted, but then it's up for 99% of the time anyway, so sometimes I just have to grumble and walk over to the headless machine, plug in a keyboard, type in the password, hit enter, then see if the IP pops up on my router. I'm like, hm. I suppose it's a defense against a raid (which I wouldn't be targeted for anyway) or a smash and grab and it's easy so good, but considering the server is usually on there are definitely other ways to nab the data.

Asta [AMP]

@[email protected] @[email protected] (100% agreed. Shit, I think even talking about politics you should increase your threat model to a certain extent. It doesn't matter that you've said perfectly 'benign' things).

I used to give this advice to people going to protests when I could but like, you're not worried about the machine learning capabilities of today, you're worried about the machine learning capabilities of tomorrow. It's the same for the legal framework. Although to be fair, if they've changed the laws to retroactively make what you said punishable, the legal framework is so fucked that they probably don't need to come up with anything legit to get rid of you.

Irenes (many)

@aud @x4nw yes. governments, even supposed democracies, do not ignore political activity. the relevant agencies would be neglecting their core mission if they did.

we should all, as activists, hope that we will never get to know to what extent we personally are a focus of attention. we shouldn't be fear-driven about it; knowledge and planning are the antidotes to fear. once we've put in that work, we should try to put it out of our mind... but we should do the work first.

Asta [AMP]

@[email protected] @[email protected] still. "Cover up your identifying features!" is always a good idea. You don't want to be the signal in the noise.

Asta [AMP]

@[email protected] @[email protected] this is sort of unrelated but it's also why I'm quite visibly trans (well that and I can't hope to pass lmao (also passing is a toxic concept but we don't have to get into that here)). Like, come at me fuckers. I am who I am. If it's a problem, I will not regret having been myself and speaking my mind and trying to do the work I do and voicing what is important to me.

Asta [AMP]

@[email protected] @[email protected] (this makes me sound cooler than I am but mostly it just seems to make me unemployable as tech companies are not currently hiring outspoken bitches)

Irenes (many)

@aud @x4nw yes. we flatter ourselves that that this ongoing capital strike in the industry may be partly an attempt to demotivate and intimidate labor organizers. to whatever extent that may be true, sorry about that.

Asta [AMP]

@[email protected] @[email protected] well, I'm hardly a labor organizer (although I was probably considered an agitator as I did openly say pro-union stuff on the GitHub slack).

Actually, I'm sure they viewed me as an agitator or instigator because I would openly talk about the importance of labor organizing on giving employees the ability to push back against contracts and work that are socially damaging or, you know, war crimes. They really, really do not like that, I suspect.

Irenes (many)

@aud @x4nw yeah, like, if you do things that need a server, you do things that need a server.

at that point, from the defender's side the next port of call (... on the metaphorical pilgrimage to accepting any remaining risks and welcoming the inevitability of death into your heart, we guess....?) is data minimization, minimum necessary privilege, all that stuff.