Lemmy shouldn’t have avatars, banners, or bios
- 0 Posts
- 18 Comments
Joined 2 years ago
Cake day: July 3rd, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
I’m shocked at what an unpopular thought this is. Like… If you go out in public, there’s a very real risk that people in public will see you. If that’s a concern you have, then you should take steps to not be seen in public. To me, that would mean not making my presence obvious when visiting a bar.
Camera or not, if people are looking for you, they will find ways to look for you in public places. You should always assume you’re being watched, because you probably already are.
I have such bad things to say about recruiters. They generally don’t have a clue about any of the skills related to the jobs I’m after, and they take a huge cut of the pay the entire time I’m working the job.
On the other hand, the two best jobs (highest pay and best working environment) I’ve had in my career, I got through recruiters, so I acknowledge them as a useful business when it works out. The last one has led to the company buying my contract and hiring me directly for the past 12 years
Generally commercial drive encryption solutions, like Bitlocker, usually has a backup recovery key that can be used to access the encryption key if your TPM is reset, or if your device dies.
So I guess the short answer is most of these solutions don’t fully protect it from being moved to another device, they just add another layer of security and hassle that makes it harder to do. And without the TPM as part of these solutions, you would be entering a 48-character passphrase every time you boot your device, which has several security flaws of its own.
Assuming you use bitlocker on your PC, how do you know the entire content of the TPM (your bitlocker encryption key, etc) cannot be fetched from the TPM by the manufacturer or any third parties they shared it tools and private keys with?
The TPM specification is an open standard by the Trusted Computing Group, and there are certification organizations that will audit many of these products, so that’s a good place to begin.
As with any of the hardware in your device, it does require some amount of trust in the manufacturers you have chosen. These same concerns would apply to anything from the onboard USB controllers to the CPU itself. There’s no way to be absolutely certain, but you can do your due diligence to get a reasonable level of confidence.
And because it is hardware based, how do I as a user know that it does what it claims it does as I would with a software based encryption software that is open source (like truecrypt/veracrypt).
This is a reasonable thing to think about, although very few individuals are qualified to understand and audit the source code of encryption software either, so in most cases you are still putting your faith in security organizations or the community to find issues.
When it comes to security, it often comes with a trade-off. Hardware devices can achieve a level of security that software can’t completely reproduce, but they are a lot harder to audit and verify their integrity.
In any case, the TPM is something that software solutions have to explicitly call in the first place, it isn’t something that activates itself and starts digging into your hard drive. Which means if you don’t want to use it in your security solution, then it will sit there and do nothing. You can keep using your encryption keys in clear memory, visible to any privileged software.
I don’t know specifically about the XBox and how it uses it, but the TPM absolutely can be used as part of a DRM scheme. Since the TPM can be used to encrypt data with a key that can’t be exported, it could be part of a means to hinder copying of content. Of course this content still has to be decrypted into memory in order to be used, so people looking to defeat this DRM usually still can. DRM as a whole is often shown to be a pretty weak solution for copy protection, but companies won’t stop chasing it just the same.
Well I have good news for you, the TPM can’t do those things. The TPM is just a hardware module that stores cryptographic keys in a tamper-resistant chip, and can perform basic crypto functions.
In of itself, it can’t be addressed remotely, but it is usually used as a component of a greater security scheme. For example, in full disk encryption, it can be used to ensure that disk can’t be decrypted on a different device.
There’s been a lot of FUD surrounding TPMs, and it doesn’t help that the actual explanation of their function isn’t something easily described in a couple of sentences.
There’s no reason to be afraid of a TPM, and for the privacy-minded and security-conscious, it can even be used as part of a greater security scheme for your device and its data.
Of course at the same time, it’s not a feature most home users would make full use of, and as for not liking Windows, carry on. There’s plenty of reasons to avoid it if those things are important to you
A couple of main points:
- You are reading tutorials to help you get it up and running. Most of the time these are designed to walk you through setting things up on a fresh node, and most often just VMs on an isolated (trusted) network. When you are providing a guide to just get someone up and running, the first thing to do is establish a known baseline configuration to start from.
- Kubernetes is a complex distributed application, and as such, the audience is generally expected to be relatively experienced. Meaning if you don’t know how to configure your firewall, people assume you aren’t going through this tutorial.
Still, I feel your pain. When trying to get into these technologies, most people who have done the work are engineers, and we stink at writing documentation. I’m sure you’re familiar with it, we automate the solutions for issues we encounter, and then those tools or automatic configurations fail to make it to the end user.
And I’m probably biased, but don’t use a video guide for this sort of thing. It’s just the wrong medium for a technical tutorial.
I don’t think most mobile app development ever was a sustainable business model, especially if your app is not even providing the service or particularly unique features to begin with.
Not to say I don’t think there should be apps, but anyone getting into it looking to make an independent career out of it will probably end up disappointed. The most successful apps are either aggressive with the in-app purchases, or are simply a free front end to a service that pays the bills.
We’ll see how it turns out though, this developer does have a lot of loyal fans who treat the paid features as basically a voluntary donation, kind of like a Patreon. I’m pretty pessimistic that it will last, but successful business ventures don’t always make complete sense to me.
Gelsinger was hired as a known long time engineer, rather than as a business expert. I would trust his numbers from an engineering perspective, even though I was laid off under his rule