I thought I was told just a year or two ago it was supposed to be the future of manufacturing.
This is a secondary account that sees the most usage. My first account is listed below. The main will have a list of all the accounts that I use.
Personal website:
I thought I was told just a year or two ago it was supposed to be the future of manufacturing.
It is highly unlikely that you have malware sophisticated enough to do something like compromise installation media (already exceedingly rare) yet not sophisticated enough to bypass secure boot.
The purpose of secure boot is to verify that the boot loader and kernel are approved by the manufacturer (or friends of such). There are certainly ways to inject software into a system that doesn’t reside in those locations. It just makes boot sector viruses and kernel mode rootkits slightly more technically challenging to write when you can’t simply modify those parts of the operating system directly. If malware gets root on your installation it’s game over whether or not you have secure boot enabled. Much of the software on a computer is none of those things protected by secure boot.
Plus, take another wager: most systems today ship with secure boot enabled. If you were a malware author, would you still be writing malware that needs secure boot turned off to run? Of course not! You would focus on the most common system you can to maximize impact. Thus, boot sector viruses are mostly lost to time. Malware authors moved on.
Overall, it’s a pretty inconsequential feature born of good intentions but practically speaking malware still exists in spite of it. It’s unlikely to matter to any malware you would find in the wild today. Secure boot keys get leaked. You can still get malware in your applications. Some malware even brings its own vulnerable drivers to punch into the kernel anyway and laugh in the face of your secure boot mitigation. The only thing secure boot can actually do when it works is to ensure that on the disk the boot loader and kernel look legit. I guess it kind of helps in theory.
That’s a tough nut to crack. Even as a video game platform, they don’t write most of the software that they sell today. They would need to find some way to convince developers to write software for something that’s not the platform nearly all users are running.
I’m not sure that Microsoft ever did halt going down that path. My wife recently bought a PC that came locked down by default and required some fiddling to allow running unsigned apps. This was Windows 10, not sure about 11.
I think it could be more that broad compatibility with everything is their main selling point, and by doing so they were undermining their own ecosystem.
However, this is mere speculation on my part.
Valve is a Titan doing incredible work for the open source community and making money while doing so.
Successful open source software business model at work. Way to go.
Loads of complex code exposed to an assumed trusted network is the model of printers. They’re going to be full of security issues.
This stuff should be sandboxed and then never, ever exposed to the Internet.
Entirely personal recommendation, take it or leave it: I’ve seen and attacked enough of this codebase to remove any CUPS service, binary and library from any of my systems and never again use a UNIX system to print. I’m also removing every zeroconf / avahi / bonjour listener. You might consider doing the same.
Great advice. It would appear these developers don’t take security seriously.
There can only be one true corporation and you will pay infinite money for every one of its products.
Important embedded link from Tor about the attack and actions going forward:
I just want to say thank you for your take. I’m not smart enough to intelligently discuss these issues, but it pleases me greatly to see great minds thinking hard about Lemmy.
👏👏 nicely done! Bravo!
It’s very impressive that they got such a modern process up and running in such a relatively short period of time. I understand the Arizona location is relatively new.
Woof. I forgot that used to be a thing. I’m pretty sure I had a phonebook those days.
So far we’re doing a great job at keeping profits out of the equation. Let’s see if it lasts.
With community visibility, there is plenty of room to form these communities that regular people can’t access for those who want that.
I can imagine an instance with a whole collection of insider communities. In fact, it’s already happened.
It will be double dead with the shift toward digital games over physical copies.
What was open about them anyway? I thought it was a misnomer from the start trying to fool people into thinking they’re open source.
Absolutely. That’s why it’s still good practice to include some kind of comment about the article in the post if the content isn’t clearly identified by the headline.
It’s a good idea in principle but headlines are often not in the viewer’s interest. The purpose is to get you to watch the video, not to actually tell you what’s in the video.
Unfortunately there’s lots of good videos with Clickbait titles.
One should not be able to waive one’s rights.