i don't get people who insist on powering their computer down (re: post complaining about the new mac mini having a silly location for the power button)
-
anxious bigender dudebro replied to Asta [AMP]
@aud yeah i guess i just haven't personally seen these kinds of bugs in years. i may just have gotten lucky, i don't buy computers often so i've really only had a handful of machines since the era when suspend was an unreliable mess
but yeah i've just not had a machine that couldn't suspend reliably since college, including random kinda old cheap laptops
-
Asta [AMP] replied to anxious bigender dudebro
@[email protected] I can't imagine this even applies to like, nation-state-paranoid-hacker-security-levels, but I feel like suspend as a rule would also make a "cold boot attack" easier, right? In that the memory is kept from going stale.
but like, I literally can't imagine what level of security and what type of risks are at stake to consider this a necessary thing to defend against.
(wiki link for anyone reading who hadn't heard of a cold boot attack before, which was me a few months ago: https://en.wikipedia.org/wiki/Cold_boot_attack also, shoutout to William Gibson for including this as a very very minor thing in Neuromancer)
-
Asta [AMP] replied to anxious bigender dudebro
@[email protected] honestly, yeah, I was super fucking disappointed when I realized it was basically going full bore power drain on suspend. It's gotten better with patches and newer linux versions but I foolishly thought "sleep" was a thing that had been solved.
Of course, webcams were also 'solved' in a lot of ways and my god did Intel find a way to fuck that up, so maybe that's just an Intel thing.
-
anxious bigender dudebro replied to Asta [AMP]
@aud oh yeah see i just don't care about security :blob_tonguewink:
-
anxious bigender dudebro replied to Asta [AMP]
@aud oh webcams have always been a source of pain for me
there've been good ones for years but there never stopped being bad ones
-
Asta [AMP] replied to anxious bigender dudebro
@[email protected]
you, walking into your office, seeing me elbow deep in your desktop with thermo gloves and goggles on, freezing and unsocketing your RAM: "aw shit"
-
Asta [AMP] replied to anxious bigender dudebro
@[email protected] intel: "what if... what if they weren't connected via an internal USB type interface... but instead something proprietary? oh ho ho, intel, you're a genius"
-
@aud @x4nw people with that threat model (hi) should be making sure high-impact credentials never live in RAM on user-facing machines.
unfortunately, servers do not have that luxury since they must be able to do unattended operations. servers also do not have the luxury of turning off. so in the final analysis, suspend is not highly relevant.
-
@[email protected] @[email protected] I have my server encrypted, but then it's up for 99% of the time anyway, so sometimes I just have to grumble and walk over to the headless machine, plug in a keyboard, type in the password, hit enter, then see if the IP pops up on my router. I'm like, hm. I suppose it's a defense against a raid (which I wouldn't be targeted for anyway) or a smash and grab and it's easy so good, but considering the server is usually on there are definitely other ways to nab the data.
-
@[email protected] @[email protected] (100% agreed. Shit, I think even talking about politics you should increase your threat model to a certain extent. It doesn't matter that you've said perfectly 'benign' things).
I used to give this advice to people going to protests when I could but like, you're not worried about the machine learning capabilities of today, you're worried about the machine learning capabilities of tomorrow. It's the same for the legal framework. Although to be fair, if they've changed the laws to retroactively make what you said punishable, the legal framework is so fucked that they probably don't need to come up with anything legit to get rid of you.
-
@aud @x4nw yes. governments, even supposed democracies, do not ignore political activity. the relevant agencies would be neglecting their core mission if they did.
we should all, as activists, hope that we will never get to know to what extent we personally are a focus of attention. we shouldn't be fear-driven about it; knowledge and planning are the antidotes to fear. once we've put in that work, we should try to put it out of our mind... but we should do the work first.
-
@[email protected] @[email protected] still. "Cover up your identifying features!" is always a good idea. You don't want to be the signal in the noise.
-
@[email protected] @[email protected] this is sort of unrelated but it's also why I'm quite visibly trans (well that and I can't hope to pass lmao (also passing is a toxic concept but we don't have to get into that here)). Like, come at me fuckers. I am who I am. If it's a problem, I will not regret having been myself and speaking my mind and trying to do the work I do and voicing what is important to me.
-
@[email protected] @[email protected] (this makes me sound cooler than I am but mostly it just seems to make me unemployable as tech companies are not currently hiring outspoken bitches)
-
@[email protected] @[email protected] well, I'm hardly a labor organizer (although I was probably considered an agitator as I did openly say pro-union stuff on the GitHub slack).
Actually, I'm sure they viewed me as an agitator or instigator because I would openly talk about the importance of labor organizing on giving employees the ability to push back against contracts and work that are socially damaging or, you know, war crimes. They really, really do not like that, I suspect.
-
@aud @x4nw yeah, like, if you do things that need a server, you do things that need a server.
at that point, from the defender's side the next port of call (... on the metaphorical pilgrimage to accepting any remaining risks and welcoming the inevitability of death into your heart, we guess....?) is data minimization, minimum necessary privilege, all that stuff.
-
@[email protected] @[email protected] brilliant career move to do that without other employees backing you, for the record.