jofla_net's comments

This is gold.

I have rarely had the words pulled out of my mouth.

The percentage of devs in my career that are from the same academic background, show similar interests, and approach the field in the same way, is probably less than 10%, sadly.


Both are true, and both should be allowed to exist as they serve different purposes.

Sound engineers don't use lossy formats such as MP3 when making edits in preproduction work, as it's intended for end users and would degrade quality cumulatively. In the same way someone working on software shouldn't be required to use an end-user consumption system when they are at work.

It would be unfortunate to see the nuance missed just because a system isn't 'new', it doesn't mean the system needs to be scrapped.


I mostly agree but ...

> In the same way someone working on software shouldn't be required to use an end-user consumption system when they are at work.

I'm worried that many software developers (including me, a lot of the time) will only enable security after exhausting all other options. So long as there's a big button labeled "Developer Mode" or "Run as Admin" which turns off all the best security features, I bet lots of software will require that to be enabled in order to work.

Apple has quite impressive frameworks for application sandboxing. Do any apps use them? Do those DAWs that sound engineers use run VST plugins in a sandbox? Or do they just dyld + call? I bet most of the time it's the latter. And look at this Notepad++ attack. The attack would have been stopped dead if the update process validated digital signatures. But no, it was too hard so instead they got their users' computers hacked.

I'm a pragmatist. I want a useful, secure computing environment. Show me how to do that without annoying developers and I'm all in. But I worry that the only way a proper capability model would be used would be by going all in.


I could have sworn, back in my day, on WinNT4 we successfully chained a red and white pair from Autodesk. One for AutoCad, and either Mechanical Desktop or 3ds Max.

It worked sometimes, but was always a roll of the dice.

I had a very similar story related to this as well.

For the longest time I always assumed RF remotes were the ancient ones, as growing up, we had an old large Magnavox console tv, with just such a remote. As time progressed we went to IR, which was, as I'll explain below, a welcome relief!

The tv was positioned in a basement room, just under my bedroom. Every few months I would be rustled from my sleep, at 4AM, to come downstairs to the tv turned on, blaring full volume and on channel 99 (static). This continued for a while until I realized that my father, who is a HAM operator, and an early riser, would somehow be injecting into the remote sensor on certain frequencies occasionally. Needless to say it was thusly unplugged afterwards!


RF chokes on the cables are sometimes necessary. The clip-on ones work well, and are cheap. Part of being a Ham is mitigating EMI your broadcasting may cause.

As a side note, intentionally jamming or interfering with other people's signals can carry up to a $1m fine and several years in prison. =3


yeah, when i used to live in New England, and had more time to be interested in transit, i always was piqued in how comcast would route. No matter how far south i seemed to get, i'd always need to travel to Boston's peering point first to make it to NYC, even in New Haven. If you then simply switch isps, even at same address, verizon would send you south immediately.

so there's funky overlap wherein on one isp you appear closer to city A, and on isp 2 closer to city B, but it's the same physical address.

Continental classification I'd think would be good as they appear to be coalesced endpoints, separated by vast oceans.


"The challenge isn’t choosing “AI or not AI” - that ship has sailed."

> There is no pattern to when Esc does/doesn't work.

It's non-deterministic, as if developed with LLMs....


Possible but more likely it's an issue with focus, like the user's palm on those occasions coincidentally brushes the trackpad.

To be clear, I have no doubt Windows 11 is just as awful as GP makes it out to be. I'm luckily free to choose my OS and at this point wouldn't touch Windows with a 10' pole.


All this theatre is turning out to be nothing more than giving up the agency we have today (nice things), for a risk averse kneejerk runaround with glaring ulterior motives...just like the scan your face+id push for services.

Would YOU be willing to use a bank that refused to use TLS? I didn't think so. How is you refusing to accept remote attestation and the bank refusing to connect to you any different?

Because Banking has existed and operated fine for countless decades without it (attestation).

Also, as there is ample discussion elsewhere, having attestation does NOT eliminate the ability for your account to become compromised.

As restated.

"If the user's device isn't compromised then everything is fine regardless of whether or not it can pass attestation. If the user's device is compromised, the device doesn't need to pass attestation to run a fake bank app and steal the user's credentials. Once the attacker has the user's credentials they can use them to transfer money regardless of whether or not they have to use a different device that can pass attestation.

It doesn't really provide any security."

IT DOES however completely rewrite the paradigm of general purpose computing in very asymmetrical ways.


Stop ignoring my question. If it is OK for YOU to refuse to use a bank that doesn't use TLS then why isn't it OK for a bank to refuse you as a customer if you refuse to agree to remote attestation? Both parties have the right to specify reasonable security postures and either mutually agree or not.

Not OP, and also not sure where I actually stand on this debate because I think your point has a lot of validity to it, but...

I think there's also an argument in favor of a person having the right to access their money (and I'd argue that accessing your bank's website/app is accessing your money) however they want, and that access to their money is more of an important right than the bank's right to control how that access happens.

I think we can all agree to some "within reason" clauses on both sides (eg not allowing HTTP only access seems reasonable), and I guess a lot of this debate is "is requiring attestation within reason?"

To me, any asymmetry between the rights of the consumer and the rights of the bank should be in the favor of the consumer.


Because it's not about security, and bank doesn't own my device. If it was, I should be able to supply the bank my own attestation keys.

My head hurts now...

How dare you think for yourself in 2026!

Remote Attestation of Immutable Operating Systems built on systemd

It's the "remote" thing that has no place in personal computing, or rather, computing that is to extend one's own autonomy, or agency. It's no one's damn business whether my system is attested or not! I mean, sure there's certainly benefits for me knowing if it's attested, but the other road is one of ruin, and will basically be the chains of the future.


If you're trying to remotely attest immutable OSs you are definitely not a home user, or if you are, you're definitely very keen at least and likely a raging self-masochist.

If you're NOT trying to remotely attest anything, you're fine. Just use your chosen OS, dawg.


Remote attestation is just generating a random blob on the remote side and then making the tpm 2.0 module on a computer sign the blob with a private key. You then provide the signature and the public key to the remote for verification. That enrolls that device. After that you can "verify" with a new binary blob and validate a new signature came back with the same key. That full loop is remote attestation. The idea is your disk didn't get moved to another computer. It's a security thing that Linux does need and is capable of being fully open source.

It has nothing to do with drm.
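
The enroll-then-verify loop described in the comment above, as an added Go example that is not part of the thread. A software Ed25519 key stands in for the TPM-held key (an assumption, as are the names `NewDevice`, `Verifier`, `Challenge` and `Check`), and the verifier makes each blob single-use so an old signature cannot be replayed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// NewDevice returns the public key and a signer; the private key never leaves
// the closure, the way a TPM-held key never leaves the chip (software stand-in).
func NewDevice() (ed25519.PublicKey, func([]byte) []byte) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, func(blob []byte) []byte { return ed25519.Sign(priv, blob) }
}

// Verifier is the remote side: one enrolled key, one outstanding blob.
type Verifier struct {
	enrolled ed25519.PublicKey
	pending  []byte
}

// Challenge issues a fresh random blob, replacing any earlier one.
func (v *Verifier) Challenge() []byte {
	v.pending = make([]byte, 32)
	if _, err := rand.Read(v.pending); err != nil {
		panic(err)
	}
	return v.pending
}

// Check uses the blob once; the first valid key is enrolled, later ones must match.
func (v *Verifier) Check(pub ed25519.PublicKey, sig []byte) bool {
	blob := v.pending
	v.pending = nil
	if blob == nil || (v.enrolled != nil && !v.enrolled.Equal(pub)) ||
		!ed25519.Verify(pub, blob, sig) {
		return false
	}
	v.enrolled = pub
	return true
}

func main() {
	pub, sign := NewDevice()
	v := &Verifier{}
	fmt.Println("enroll:", v.Check(pub, sign(v.Challenge())))
	fmt.Println("verify:", v.Check(pub, sign(v.Challenge())))
}
```

The first successful `Check` is trust-on-first-use enrollment; every later call must come from the same key and answer the blob currently outstanding.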


It has everything to do with DRM. It’s not “dual use” technology. It has one use, and this is it.

We're gonna be using this to validate someone didn't move your login to another device. Which will protect you from session hijacking. Your work stuff will start requiring it. Your media accounts will too. Or else linux will simply be locked out from major services. DRM is already in your browser. And literally has no connection to identity attestation.

Who is “we”? So we can know who to avoid.

All corporate SSO providers.
