Lemmy shouldn’t have avatars, banners, or bios
I’m shocked at what an unpopular thought this is. Like… If you go out in public, there’s a very real risk that people in public will see you. If that’s a concern you have, then you should take steps to not be seen in public. To me, that would mean not making my presence obvious when visiting a bar.
Camera or not, if people are looking for you, they will find ways to look for you in public places. You should always assume you’re being watched, because you probably already are.
I have such bad things to say about recruiters. They generally don’t have a clue about any of the skills related to the jobs I’m after, and they take a huge cut of the pay the entire time I’m working the job.
On the other hand, the two best jobs (highest pay and best working environment) I’ve had in my career, I got through recruiters, so I acknowledge them as a useful business when it works out. The last one has led to the company buying my contract and hiring me directly for the past 12 years
I’m not sure what it is “for” exactly, but in practice it tends to show a lot of brand new posts with zero comments or votes
Atleast one must get physical access to the lock in order to pick it.
It’s a fair point, but if we’re taking about cars, I’d say physical access is a given. Keyless vehicles haven’t quite enabled remote car thefts just yet
It’s free, so when I need to ask about something in the news today, I’ll use Bing. Granted I use a browser extension that lets me use Bing in Firefox.
These are useful tools, but not useful enough that I’m willing to pay for them when there’s free options.
Generally commercial drive encryption solutions, like Bitlocker, usually has a backup recovery key that can be used to access the encryption key if your TPM is reset, or if your device dies.
So I guess the short answer is most of these solutions don’t fully protect it from being moved to another device, they just add another layer of security and hassle that makes it harder to do. And without the TPM as part of these solutions, you would be entering a 48-character passphrase every time you boot your device, which has several security flaws of its own.
Assuming you use bitlocker on your PC, how do you know the entire content of the TPM (your bitlocker encryption key, etc) cannot be fetched from the TPM by the manufacturer or any third parties they shared it tools and private keys with?
The TPM specification is an open standard by the Trusted Computing Group, and there are certification organizations that will audit many of these products, so that’s a good place to begin.
As with any of the hardware in your device, it does require some amount of trust in the manufacturers you have chosen. These same concerns would apply to anything from the onboard USB controllers to the CPU itself. There’s no way to be absolutely certain, but you can do your due diligence to get a reasonable level of confidence.
And because it is hardware based, how do I as a user know that it does what it claims it does as I would with a software based encryption software that is open source (like truecrypt/veracrypt).
This is a reasonable thing to think about, although very few individuals are qualified to understand and audit the source code of encryption software either, so in most cases you are still putting your faith in security organizations or the community to find issues.
When it comes to security, it often comes with a trade-off. Hardware devices can achieve a level of security that software can’t completely reproduce, but they are a lot harder to audit and verify their integrity.
In any case, the TPM is something that software solutions have to explicitly call in the first place, it isn’t something that activates itself and starts digging into your hard drive. Which means if you don’t want to use it in your security solution, then it will sit there and do nothing. You can keep using your encryption keys in clear memory, visible to any privileged software.
I don’t know specifically about the XBox and how it uses it, but the TPM absolutely can be used as part of a DRM scheme. Since the TPM can be used to encrypt data with a key that can’t be exported, it could be part of a means to hinder copying of content. Of course this content still has to be decrypted into memory in order to be used, so people looking to defeat this DRM usually still can. DRM as a whole is often shown to be a pretty weak solution for copy protection, but companies won’t stop chasing it just the same.
Well I have good news for you, the TPM can’t do those things. The TPM is just a hardware module that stores cryptographic keys in a tamper-resistant chip, and can perform basic crypto functions.
In of itself, it can’t be addressed remotely, but it is usually used as a component of a greater security scheme. For example, in full disk encryption, it can be used to ensure that disk can’t be decrypted on a different device.
There’s been a lot of FUD surrounding TPMs, and it doesn’t help that the actual explanation of their function isn’t something easily described in a couple of sentences.
There’s no reason to be afraid of a TPM, and for the privacy-minded and security-conscious, it can even be used as part of a greater security scheme for your device and its data.
Of course at the same time, it’s not a feature most home users would make full use of, and as for not liking Windows, carry on. There’s plenty of reasons to avoid it if those things are important to you
I’m fond of Go, which comes with its own auto formatter. It eliminates all arguments over style and format.
I don’t understand why they federate together at all. Microblogs are different types of discussions from threads, and shouldn’t be mixed up this way.
If anything, they should be completely separate sections of the site so you can browse the microblogs if you want.
You should have seen how mad people were over the time Discord slightly changed the shade of the icon
WSL has replaced my use of the command prompt in Windows for anything (and I used it more than most, I think).
In my job, I develop Linux applications to support industrial automation, and WSL is capable of building and running most of what I make. It isn’t a full Linux machine, and can behave unexpectedly when trying to do things like changing certain network configurations.
So it’s great for what it’s for, really. But if you want a full VM, this isn’t really for that.
Right, and everyone agreed that wasn’t the greatest practice. Two years ago.
This thread from two days ago was bringing attention to an issue that was fixed two years ago, and calling it out as if it was a different problem than it was.
It’s good to have discussions about security best practices, but this thread is pointless. This problem is simply not there anymore.
This was hashed out pretty thoroughly in that thread.
The initial concern over the password being stored in plaintext was shown to be a mistaken assumption, and it was made clear that this kind of email doesn’t happen anymore, it’s an outdated problem.
No need to keep the discussion going past that, is there? Much less spread it around?
I’ve never felt dependent on public code repos for my own career before,
I hope you don’t actually believe this.
I think you misunderstood me. We all use open source software or develop using open source libraries, and in the context of the question, I don’t care where they host their code, as long as I can find it. But that isn’t what I was talking about. I have never felt like my career depended on me publicly hosting my own code. I have found jobs and connected with people through other means, and they haven’t even asked to see my github profile in any interviews I’ve been in.
which is why you should always open source your code unless there’s a specific reason not to. If you’ve ever made something that works, then your cube would be useful.
Sure, I have a Python script running on a Raspberry Pi controlling my garage door opener. You want it, I’ll show it to you. I believe in open source software, but I’m not going out of my way to publicly host (and document, yuck!) every little thing I’ve made for myself, especially when they have often been tailor made for my home environment, or hacked together in 15 minutes and riddled with secrets.
But my main reason is simply privacy. I don’t want to broadcast to the Internet what project I am working on right now, or reveal the architecture of my home network or smart home setup. There’s a lot you reveal about yourself when you show the world what you are doing, and I would prefer not to do that.
I don’t understand the question or the responses.
It’s a host for code repos. I would “switch” from GitHub if the repos I need to interact with were hosted somewhere else.
How do y’all use GitHub? Is everyone running their own open source project? None of my personal projects have ever been open source before. Very few of them were even useful for anyone but myself
I’ve been a developer for 20 years, I’ve never felt dependent on public code repos for my own career before, and I would be uncomfortable if it happened. No employer has even asked for my public GitHub profile or to see my commit activity. Not even when the company hosted their code on GitHub
Sometimes it’s intentional. I have seen both of these cases as well:
Gotta get more impressions, right?
I guess the main things would be:
I don’t watch any YouTube personalities or subscribe to channels. If I’m on YouTube, it’s to see a specific music video, informational video, or something linked by a friend
In short, if I’m not specifically looking for a video, I don’t need or want one recommended to me.
WSL is pretty good these days. Dual boot with Windows is still a pretty risky move with how easily Windows will overwrite your boot loader. I usually recommend you pick one os or the other rather than dual boot, so I’m in favor of WSL or virtualbox. Personally, I have never cared for needing to reboot just to switch operating systems. I tend to stick with one and the second one does nothing but take up disk partition space.
WSL lets you run both simultaneously without rebooting. Virtualbox lets you do the same with extra setup. Virtualbox makes it easier to do GUI setups than WSL does, and the network configuration is a little more obvious.
The best option is to get a second machine so you can run both. If that’s not an option, virtualbox is the better choice for learning. If you just want a Linux environment on your existing setup (similar to using a Mac) then WSL is usually good enough