nostr:npub15fkerqqyp9mlh7n8xd6d5k9s27etuvaarvnp2vqed83dw9c603pqs5j9gr this has made me start reading privacy blogs and stuff from EFF.
It's distressing that we cannot even talk about digital rights without making the conversation about homosexuals.
muh oppressed sexual minorities, we must protect them from le nazi secret police
nostr:npub15fkerqqyp9mlh7n8xd6d5k9s27etuvaarvnp2vqed83dw9c603pqs5j9gr yeah it's a whole world out there. I'm not trusting of governments in the slightest and I'm sure they have some very nasty capabilities.
If you are fucking with the government I think it's absolutely a thing you should account for. But if you're asking me "what's the probability that there is actually a signal flare on every Intel chip watching for naughty words" I would say on the whole it's not extremely likely right now.
CPU exploits are different. I'm fairly sure many of those are intentional but actually exploiting them generally has to be done by some kind of additional malware.
I don't think they're doing stuff like monitoring for hate speech, I mean more like "this guy is behaving oddly, take a closer look". Like how back before encryption was commonplace, just using encryption might make you stand out.
An example might be the user taking more extreme than usual steps to secure their network. The chip could try to determine that by various forms of inspection, using methods designed to hide any required traffic with normal traffic, and depending on what the results looked like, it might flag the user as an unusually savvy person of interest.
Now maybe that's not super useful to the government by itself, but user profiles could be built up checking lots of different things and I bet the result would be pretty useful to an intelligence agency. Not a big deal in the general case when the government doesn't care about you, but a problem once they decide to put you under the microscope.
On the other hand they could also just show up at your house at the crack of dawn, kill you, plant child pornography on your computer and use the media to drag your name through the mud. :02shrug:
nostr:npub15fkerqqyp9mlh7n8xd6d5k9s27etuvaarvnp2vqed83dw9c603pqs5j9gr call me optimistic but I actually don't think the hardware situation is that bad YET. Intel ME has been looked at for a long time with suspicion but nobody has been able to catch it operating like spyware or even looking like it's running at all during system operation. I think it's easier to avoid the dragnet than most technically capable people assume. This is partially due to the fact that whenever they do catch somebody it is usually from some blitheringly retarded opsec failure.
On the other hand, if you're on windows, everything you do is being sent off to a server. We've known this for 10 years now.
But the vulnerabilities definitely exist, whether they're being actively exploited much or not. And it's going to be *very* hard to inspect an on-die black box like that. Few people have the tools to even attempt it, and I can think of a bunch of ways offhand to make it more difficult to detect that it's doing shady stuff.
I'm not super concerned about it myself, but if I was a terrorist or something I would take the threat seriously. It's bad enough that the hardware companies don't prioritize user security, but the fact that they outright hide and lie about functionality (on multiple levels) in their hardware is very disturbing.
I agree that the government is not super competent in general, but we can't ignore the possibility that in some cases they're simply lying about how they built their case. Parallel construction happens all the time and we know all these big companies cooperate with the government. Some of them surely have teams of spooks actively working within them, whether the companies actually know about it or not. How many of these "hardware exploits" are true accidents, and how many are sneaky exploits some NSA dorks dreamed up and slipped into the spec?
I have no time for mama murphy
old druggie bitch
>9000 pounds
Ahaha get a load of this ev success story nostr:npub15fkerqqyp9mlh7n8xd6d5k9s27etuvaarvnp2vqed83dw9c603pqs5j9gr
>Buy ev for high ESG
>$130k for a pickup
>6 months in repairs for a fender bender
>Can't make a road trip without running out of juice because all the chargers are broken
>Literally a city only car
lol
nostr:npub15fkerqqyp9mlh7n8xd6d5k9s27etuvaarvnp2vqed83dw9c603pqs5j9gr https://veracrypt.eu/en/Hidden%20Operating%20System.html
but >windows
I guess if you air gapped it it wouldn't matter but still.
I feel like you need to be extremely paranoid about hardware to really avoid compromise
modern chips have their own black box operating systems running and we don't really know what's in there and can't inspect it, right. it's "necessary" for these super complex chips to function, they say
you can physically remove the known wireless functionality from a board, but if the chip has a hidden wireless module on the die, they could have an antenna disguised as a trace and still use that to opportunistically contact known networks as you pass through them. shitty signal quality I'm sure but they don't need to extract data in bulk, they just need to send up a signal flare, so to speak. "come look at this guy"
keep the device in a faraday cage, and never bring another device in? that seems relatively safe
or just revert to 80s tier computing, which is honestly enough for many things
hmm yes birch beer
did cheap KVMs ever become good or are they still crap
nostr:npub15fkerqqyp9mlh7n8xd6d5k9s27etuvaarvnp2vqed83dw9c603pqs5j9gr there's a special button for it separate from other guns. I think you have to equip it then throw. Trust me it's better than the typical setup because you dont have to out your gun away to use them.
alt, apparently
I must've hardly ever used throwables in the past in this game
alt, turns out
three ghouls down
how do I throw grenades in fallout 4
"errors"
tomshardware.com/news/linus-torvalds-amd-ftpm-errors
nostr:npub15fkerqqyp9mlh7n8xd6d5k9s27etuvaarvnp2vqed83dw9c603pqs5j9gr I am not sure about encryption headers in files but I know that's common for FDE because the thinking is it just doesn't matter if you have a strong password. Deniable is for when you're up against a government and they'll just throw you in jail until you give them the password if they can prove there's a petition.
They don't know the length. They just try all combinations up to a certain point.
I remember watching a def con (probably) presentation where they tried putting explosives in their drives to destroy them at a moment's notice rather than letting them get seized
it did not work very well as I recall
people make fun of them but I like the gun designs in fallout 4
they're not that weird, they look like gun development just picked different favorites to run with after WWI
nostr:npub15fkerqqyp9mlh7n8xd6d5k9s27etuvaarvnp2vqed83dw9c603pqs5j9gr there aren't that many schemes available so not knowing it would increase the complexity by maybe 20, so not as secure then knowing the scheme and just adding another character.
I am not entirely sure but I think that most encryption schemas just say what they are up front. The ones that don't are called Deniable. The only product I know that hides this is veracrypt.
You mean at the front of the byte stream? Like how keys in a key file will have prefix and postfix data saying what they are and who made them, or whatever.
I don't really know if individual encrypted files have that sort of thing, I've never inspected one. It seems like a bad idea if they do.
Otherwise if they just find an encrypted file lying around, something you're expected to explicitly run back through a decryption program and that can't decrypt itself, that would be hard to approach.
But speaking of the number of characters, how could they know at all? I see this implicit assumption made a lot in password discussions, and of course a longer password is more secure all else being equal. But if you just have an empty field to enter the password, and it can accept an arbitrary number of characters, how could you possibly know how many characters to try? You'd just have to start at 1 character and keep increasing, and so logically, the brute force would simply take longer to solve the longer password. But at a certain point of not-that-many-characters the amount of time required approaches the heat death of the universe.
wouldn't need sticky notes if you could use a pass phrase :bball: