Open Source Software Community - it's about ethics in Code of Conducts

[SCV]

"bro protecting yourself against evil maid is worthless because <other attack>"

What is the name of the "<other attack>" where someone with surreptitious physical access to your machine attaches malicious hardware to it?

i'd imagine if you were serious about this specific class of attacks you would be fairly cautious about unlocking your drive if you notice that your computer has strange new hardware attached to it

Ah, right. I forgot I was an omniscient being who can immediately -before I even log into my computer- perceive any an all hardware attached anywhere to my computer. Even something as small as this:

 

[analrapist]

something as small as this:

positively obese, americans ruin everything, try this

 

[Ferryman]

Unfortunately there is a much easier attack for someone with physical access that completely defeats secure boot: A malicious usb cable. Not only do they not require installing software at all (that must be customized to your target) so are much faster but have tons of additional useful features like wifi access, key stealing, input injection, etc.

Doesn't disabling auto mount fix this straight up? Or, better still, just disabling the physical ports until needed?

 

[Creative Username]

What is the name of the "<other attack>" where someone with surreptitious physical access to your machine attaches malicious hardware to it?

the one you mentioned, where you attach a funky usb peripheral to the computer and hope nobody notices? that isn't defended against by secure boot and related strategies, but it doesn't need to be since it's a completely different form of physical attack

Ah, right. I forgot I was an omniscient being who can immediately -before I even log into my computer- perceive any an all hardware attached anywhere to my computer. Even something as small as this:

i don't think many of us check for unfamiliar tiny adapters/dongles attached to our computers before booting or unsuspending our machines, but shit like this is readily detectable if your threat model includes "people attaching bad shit to my machine" and you are actively looking for it

Doesn't disabling auto mount fix this straight up? Or, better still, just disabling the physical ports until needed?

amazing what you can do with a little epoxy or something

 

[The Mass Shooter Ron Soye]

Phoronix: The Former Lead For Apple Graphics Drivers On Linux Is Now Working At Intel (archive)

There's a follow-up to yesterday's surprising story of Alyssa Rosenzweig stepping away from Asahi Linux [archive] and that ARM graphics driver work where she led reverse engineering and development of the Asahi Gallium3D and HoneyKrisp Vulkan drivers within Mesa. She's now working at Intel on their Linux graphics drivers.

Phoronix: With Apple M1/M2 Graphics Driver Code Working, Alyssa Rosenzweig Stepping Away From Asahi Linux

As another very unfortunate setback for the Asahi Linux project moving forward after Hector Martin left the project as did Asahi Lina pausing work on open-source Apple driver development, Alyssa Rosenzweig announced today that she is stepping away from the project following the successes in bringing up Apple M1 and M2 graphics drivers for Linux.

 

[Coolio55]

Phoronix: The Former Lead For Apple Graphics Drivers On Linux Is Now Working At Intel (archive)

Phoronix: With Apple M1/M2 Graphics Driver Code Working, Alyssa Rosenzweig Stepping Away From Asahi Linux

Buy NVIDIA stock right this fucking second.
Yes, I AM your financial advisor.

 

[306h4Ge5eJUJ]

Phoronix: The Former Lead For Apple Graphics Drivers On Linux Is Now Working At Intel (archive)

Phoronix: With Apple M1/M2 Graphics Driver Code Working, Alyssa Rosenzweig Stepping Away From Asahi Linux

In other words, Asahi is dead in the water. Yet another troon project ends up going nowhere after the buzz dies down. Many such cases!

 

[Betonhaus]

Buy NVIDIA stock right this fucking second.
Yes, I AM your financial advisor.

Im assuming this person is a tranny, but I don't see how this is good or bad, unless you're one of the people who really wanted to run Linux on overpriced hardware

 

[Coolio55]

Im assuming this person is a tranny, but I don't see how this is good or bad, unless you're one of the people who really wanted to run Linux on overpriced hardware

If he's hired to the graphics team - he could easily fuck up Intel's chances of producing a competing card against NVIDIA and their cousin.
For instance, he could easily sabotage their drivers for AI in solidarity with the tantrums of online artists.

 

[k122.777]

If he's hired to the graphics team - he could easily fuck up Intel's chances of producing a competing card against NVIDIA and their cousin.
For instance, he could easily sabotage their drivers for AI in solidarity with the tantrums of online artists.

Rosenzweig is a talented engineer.

 

[volatile puar]

Realistically this just means Intel is taking their GPU development seriously and are intelligent enough to avoid Hector Martin.

 

[The Taxman]

Rosenzweig is a talented engineer.

That might very well be, but he is not a woman.

 

[Rancid Xylitol]

There's a reason why he has been doing this shit for over a decade, worked on a magazine, and has an anemic view count on anything he does in comparison to his subscriber numbers. He's not a nobody, or dumb, just horrifically incompetent when it comes to being an internet personality

The percentage of the world population that cares about Linux distribution minuta and Wayland vs X11 battles hover around 0%. That's why Lunduke will be obscure. He wants to rustle the jimmies of autistic Linux users, and there just aren't enough of them out there to keep him in the money. Show your parents any of his videos and see if they care about it for more than 5 seconds. I'm sure it will just get classified as "nerd stuff".

 

[Betonhaus]

If he's hired to the graphics team - he could easily fuck up Intel's chances of producing a competing card against NVIDIA and their cousin.
For instance, he could easily sabotage their drivers for AI in solidarity with the tantrums of online artists.

That could be said for any diversity hire. Trannies are usually somewhat competent in programming, and low level work ones like this guy are unlikely to sabotage the one thing they get respect for.

 

[The Mass Shooter Ron Soye]

https://preservetube.com/watch?v=-aqDYpQeiq0

https://archive.ph/1WMiC

 

[Danann]

I'm not trusting Lunduke.

 

[Ed Special]

Doesn't disabling auto mount fix this straight up? Or, better still, just disabling the physical ports until needed?

Disabling automount doesn't disable automatic driver installation from external devices, which opens you up to malicious driver installation from compromised USB devices, which can then be used as backdoors for more complex attacks. Dummy out the physical ports themselves, if you can.

 

[Pluciferous]

Disabling automount doesn't disable automatic driver installation from external devices, which opens you up to malicious driver installation from compromised USB devices, which can then be used as backdoors for more complex attacks. Dummy out the physical ports themselves, if you can.

Or simply build a kernel with unnecessary USB driver modules removed.

 

[Ferryman]

Or simply build a kernel with unnecessary USB driver modules removed.

Or get yourself a port plug. Man, I love plugging my port(s).

 

[jeff7989]

There's a tool called USBGuard. With it you can for example make a whitelist of USB devices which will be allowed on your system. I used it on a Thinkpad back in a day, it came with a nice Qt GUI for configuring it. Sure, it doesn't help if someone has unsupervised access to your machine, but in such case you are fucked anyways.

Edit. Great, it's been trooned out.