Hacker News | Cu3PO42's comments

I also strongly dislike requiring remote attestation for any kind of software I want to run. But what I also dislike is cheaters in my online games and I genuinely do not have a better suggestion on what to do.

Personally, I run Windows purely for gaming and don't let it near any important data. For the latter, I boot into Linux with separately encrypted disks.


>But what I also dislike is cheaters in my online games and I genuinely do not have a better suggestion on what to do.

You can't suggest "run online games as close-knit social groups, with social exclusion punishments for cheaters", which is how most online games used to be run. How old are you?

Game vendors used to be happy letting us host and run our own multiplayer games, until they realised they could get more money out of us -- "battle passes", microtransactions, ability to forcibly turn off multiplayer of older game when newer remake comes out -- and now they've made themselves a mandatory part of your online experience. You have to use their matchmaking and their servers. So now it's down to them to solve the problem of cheaters, enabled by their centralised matchmaking... and their only solution is remote attestation of your machine and yet more data collection?


I'm doing the same but I worry about a Windows compromise messing with the bootloader, so then the encrypted Linux drive won't save me. Probably too paranoid though?

If you use secure boot and don't let your keys near Windows, you should be fine even if your Windows install is compromised. Unless you don't trust Microsoft themselves, in which case you'd need to re-enroll keys whenever switching operating systems, which is possible, but very tedious.

The important part in the parent is "that don't need a user password". You just said you had to supply a (user) password.

With a TPM you can set it up that your disk is unlocked automatically, but only if no-one changed anything in the signed boot chain. This is the default with Bitlocker on Windows and is also possible on Linux, though somewhat more finicky.


But why bother? I can fit enough entropy in my head to make my hard drive uncrackable, and I can back up my data even if some chip breaks.

It's just added complexity and corporate control so people can use worse passwords


But most people don't want to enter a password, and if you make people enter a password too much, they'll choose terrible passwords and put them on a sticky note. Windows Hello can only be done securely with a TPM. A server that I want to turn back on all by itself after a power outage can only be done securely with a TPM.

I want a TPM in my computer so I can have the security and convenience. Yes, it's another point of failure. But I need backups in case the hard drive fails anyway. And besides, the OS can be designed so I can enter a password if I need to use the drive without the TPM.


>Windows Hello can only be done securely with a TPM

I think in general biometrics are in the same ballpark as low-entropy passwords. IDK, I personally have no faith in trusted computing hardware because it can be broken with the right equipment. You're right that it can be used alongside ordinary security measures, but I just think it encourages putting your eggs into a cryptographically-weak hardware-strong basket (which represents a downgrade because crypto is stronger than hw).

>A server that I want to turn back on all by itself after a power outage can only be done securely with a TPM.

Can you describe how this prevents a MITM attack? I assume you mean a remote server? I've heard of colocation setups like this, but I think they rely on a couple of unstated assumptions.


> >A server that I want to turn back on all by itself after a power outage can only be done securely with a TPM.

> Can you describe how this prevents a MITM attack? I assume you mean a remote server? I've heard of colocation setups like this, but I think they rely on a couple of unstated assumptions.

I'm not sure what you mean by prevent a MitM attack, unless you're worried about someone with probes MitM-ing your TPM-CPU connection in the DC.

You can bind a TPM to measurements on the host (let's say for argument's sake you want Secure Boot state, Option ROM state, and UEFI state), then configure the OS to ask the TPM for the (or rather, a) decryption key during boot.

The TPM will check that the state(s) you bound to is (are) the same as when you bound them, and if so it will give the OS the key. Your disk is encrypted, but the boot process is automatic/unattended, as well as completely contained within the server chassis.

There are ways to attack this hypothetical setup, buuuuut there are ways to attack remotely entering your disk password as well, and bear in mind that denial of service is a security vulnerability. Tradeoffs.
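
As an added example (not code from any commenter), here is a software model of the setup described in this comment and in the earlier exchange about TPM-backed unlock of BitLocker/Linux disks: boot components are measured into a PCR, the disk key is sealed to the resulting value, and the simulated TPM releases the key only when a later boot produces the same measurement. The TPM, firmware and boot component blobs are all constructed stand-ins.

```python
import hashlib
import secrets

# Added example (not from any commenter): a software model of sealing a disk
# key to boot measurements. The TPM, firmware and boot components are all
# simulated; the component blobs below are constructed stand-ins.


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend: the firmware hashes the component and the TPM folds that
    digest into the register as H(old_pcr || H(component)). A PCR can only be
    extended, never set, so the final value depends on every component and on
    the order in which they were measured."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot_chain(components) -> bytes:
    """Measure each boot component in order into a PCR that starts at all zeros."""
    pcr = bytes(32)
    for blob in components:
        pcr = pcr_extend(pcr, blob)
    return pcr


class SimTpm:
    """Holds sealed secrets together with the PCR value each one was sealed to."""

    def __init__(self):
        self._sealed = []  # list of (expected_pcr, secret)

    def seal(self, secret: bytes, pcr_value: bytes) -> None:
        self._sealed.append((pcr_value, secret))

    def unseal(self, current_pcr: bytes):
        """Release a secret only if the current PCR equals the one it was sealed to."""
        for expected, secret in self._sealed:
            if secrets.compare_digest(expected, current_pcr):
                return secret
        return None  # policy check failed: the OS gets nothing and boot stalls


# Constructed stand-ins for the measured boot components.
TRUSTED_BOOT_CHAIN = [
    b"uefi firmware 1.0",
    b"option rom: nic",
    b"shim.efi (signed)",
    b"grub (signed)",
    b"vmlinuz",
]


def provision(tpm: SimTpm, disk_key: bytes) -> None:
    """Done once, while the machine is in the known-good state."""
    tpm.seal(disk_key, measure_boot_chain(TRUSTED_BOOT_CHAIN))


def unattended_boot(tpm: SimTpm, boot_chain):
    """The OS asks the TPM for the disk key after the firmware measured the chain."""
    return tpm.unseal(measure_boot_chain(boot_chain))


def demo():
    tpm = SimTpm()
    disk_key = secrets.token_bytes(32)  # random, never derived from a password
    provision(tpm, disk_key)
    same_chain = unattended_boot(tpm, TRUSTED_BOOT_CHAIN) == disk_key
    tampered = list(TRUSTED_BOOT_CHAIN)
    tampered[3] = b"grub (modified)"  # a replaced bootloader changes the PCR
    key_withheld = unattended_boot(tpm, tampered) is None
    return same_chain, key_withheld


if __name__ == "__main__":
    print(demo())  # (True, True)
```

The model also shows the denial-of-service side of the tradeoff: any change to a measured component, including a legitimate firmware or bootloader update, produces a different PCR and the key is withheld, which is why real deployments keep a recovery password alongside the TPM binding. On Linux, systemd-cryptenroll can enroll a LUKS key slot bound to selected PCRs in the same way; BitLocker does this by default on Windows.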


I agree that biometrics are in the same ballpark as low-entropy passwords, which means their security relies on avoiding offline attacks. My ATM card is protected by a 4-digit pin. That's perfectly secure, because the ATM network won't let you enter a wrong pin more than a single-digit number of times before locking the account.

Windows Hello allows you to log in with a 6-digit pin. That's perfectly secure, because the TPM lets them design a system where you can't do an offline attack on the pin. Too many wrong entries and you'll need to use your password.

I doubt there's more than two dozen bits of entropy provided by finger print readers or facial recognition authentication, but you can make an acceptably secure login experience with it because, again, the TPM lets you prevent offline attacks.
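
To make the "no offline attack" point concrete, here is an added example (not from any commenter) contrasting two designs for a 6-digit PIN in plain Python: in design A the disk key is derived from the PIN, so the on-disk header lets an attacker test every PIN offline; in design B a random key sits in a simulated TPM that checks the PIN itself and counts failures, so guessing has to go through the rate-limited interface. The TPM model, the sample PIN and the failure limit are constructed.

```python
import hashlib
import secrets

# Added example (not from any commenter): two designs for a 6-digit PIN.
# Design A derives the key from the PIN (offline-crackable header).
# Design B keeps a random key in a simulated TPM with a failure counter.
# The TPM model, the PIN "031337" and the limit of 32 failures are constructed.

PIN_SPACE = 10**6  # every 6-digit PIN


def pin_derived_setup(pin: str) -> dict:
    """Design A: the key comes from the PIN; the header stores a verifier for it."""
    salt = secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 1)  # 1 iteration keeps the demo fast
    return {"salt": salt, "key_check": hashlib.sha256(key).digest()}


def offline_attack(header: dict):
    """Attacker has only a disk image: try every PIN against the stored verifier."""
    for n in range(PIN_SPACE):
        guess = f"{n:06d}"
        key = hashlib.pbkdf2_hmac("sha256", guess.encode(), header["salt"], 1)
        if hashlib.sha256(key).digest() == header["key_check"]:
            return guess
    return None


class SimTpmPinSlot:
    """Design B: random key sealed in the TPM, released only through a rate-limited PIN check."""

    def __init__(self, pin: str, max_failures: int = 32):
        self._pin = pin.encode()             # lives inside the TPM, never on disk
        self._key = secrets.token_bytes(32)  # independent of the PIN
        self._failures = 0
        self._max_failures = max_failures

    def disk_header(self) -> dict:
        """Nothing on disk depends on the PIN, so there is nothing to test guesses against."""
        return {"key_source": "tpm"}

    def unseal(self, pin: str):
        if self._failures >= self._max_failures:
            raise PermissionError("slot locked: full password required")
        if secrets.compare_digest(pin.encode(), self._pin):
            self._failures = 0
            return self._key
        self._failures += 1
        return None


def online_attack(slot: SimTpmPinSlot):
    """Guess through the TPM interface; the counter stops the search long before 10^6."""
    attempts = 0
    for n in range(PIN_SPACE):
        attempts += 1
        try:
            if slot.unseal(f"{n:06d}") is not None:
                return f"{n:06d}", attempts
        except PermissionError:
            return None, attempts
    return None, attempts


def demo():
    pin = "031337"  # constructed sample PIN
    cracked = offline_attack(pin_derived_setup(pin))   # design A: PIN recovered
    blocked = online_attack(SimTpmPinSlot(pin))        # design B: (None, 33)
    return cracked, blocked
```

A real TPM checks the authorization value with an HMAC session and enforces dictionary-attack lockout in hardware rather than with a Python counter, but the structural point is the same: design B's on-disk header carries no function of the PIN, so a stolen disk image gives an attacker nothing to guess against.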


But without password, anybody can physically access the device and exfiltrate data. That is even easier than regular password protection, where the storage medium would have to be removed or a live OS would have to be booted.

The risk is data leakage. With a TPM and no password, there is no data leakage protection.


Passwordless boot with a TPM means the software can control what secrets it gives out. Yeah, if you boot to a desktop operating system and auto-login as an admin user, that doesn't leave things very secure, but that's not the only scenario.

Consider a server. It can have an encrypted hard drive, boot with the TPM without a password, and run its services. In order to steal data from it, you need to either convince software running on the server to give you that data, or you need to do some sort of advanced hardware attack, like trying to read the contents of DRAM while the computer is running.

There are other use cases too, like kiosks, booting to a guest login, corporate owned laptops issued to employees, allowing low-entropy (but rate limited) authentication after booting, to name a few.


Is it? Last time I tried to self-host my email I did. I had DKIM, DMARC and SPF set up correctly as verified by multiple sites, but I couldn't get reliable delivery to any Microsoft-hosted mailboxes. Every other provider I tested was perfectly happy with my mail, unfortunately MS is too big a provider to ignore them.

> What matters is domain age, IP, and compliance with DKIM/DMARC.

Maybe it was my IP, but I cycled a few with my hosting provider and none of them made a difference. If I am unable to reliably obtain a 'trusted' IP, what good does it do?

I switched to hosted email and all my delivery issues were gone.


There are tools that can check if your IP is on a blacklist [1].

Also, my experience with self-hosting email is that if you get people to email you first from their domain, and you reply to them, then you are not going to be blocked. Of course, this won't work if you send a lot of cold emails.

[1] https://mxtoolbox.com/SuperTool.aspx
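
Since both comments above lean on SPF and DMARC being "set up correctly", here is an added example (not from any commenter or from the linked tool) that checks the two records for the weaknesses receivers care about: a permissive or missing `all` in SPF, more than the ten DNS lookups RFC 7208 allows, a deprecated `ptr` mechanism, and a DMARC policy of `none` or one with no reporting address. It runs over constructed sample records for a fictional domain so it works offline; DNS lookup is out of scope, so paste in whatever `dig TXT` returns for the domain and for `_dmarc.<domain>`.

```python
import re

# Added example (not from any commenter): a small checker for SPF and DMARC
# TXT records, run over constructed sample records so it works offline.

# SPF mechanisms that cost a DNS lookup (RFC 7208 caps them at 10).
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}


def parse_spf(record: str) -> dict:
    terms = record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    lookups, all_qual, findings = 0, None, []
    for term in terms[1:]:
        if "=" in term:  # modifier such as redirect=... or exp=...
            if term.split("=", 1)[0].lower() == "redirect":
                lookups += 1  # redirect also costs a lookup
            continue
        qual = "+"  # default qualifier is pass
        if term[0] in "+-~?":
            qual, term = term[0], term[1:]
        mech = re.split(r"[:/]", term, maxsplit=1)[0].lower()
        if mech == "all":
            all_qual = qual
        elif mech in LOOKUP_MECHANISMS:
            lookups += 1
            if mech == "ptr":
                findings.append("SPF_PTR_DEPRECATED")
    if all_qual is None:
        findings.append("SPF_ALL_MISSING")       # unlisted hosts get a neutral result
    elif all_qual in "+?":
        findings.append("SPF_ALL_PERMISSIVE")    # any host may send as the domain
    if lookups > 10:
        findings.append("SPF_TOO_MANY_LOOKUPS")  # receivers return permerror
    return {"all": all_qual, "lookups": lookups, "findings": findings}


def parse_dmarc(record: str) -> dict:
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC_POLICY_INVALID")
    elif policy == "none":
        findings.append("DMARC_POLICY_NONE")     # monitoring only, nothing is rejected
    if "rua" not in tags:
        findings.append("DMARC_NO_RUA")          # no aggregate reports, so no visibility
    pct = int(tags.get("pct", "100"))
    if pct < 100:
        findings.append("DMARC_PCT_PARTIAL")     # policy applied to only part of the mail
    return {"policy": policy, "pct": pct, "findings": findings}


# Constructed sample records for a fictional domain.
SAMPLE_SPF = "v=spf1 ip4:192.0.2.10 include:_spf.example.net -all"
SAMPLE_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"


def demo():
    return parse_spf(SAMPLE_SPF)["findings"], parse_dmarc(SAMPLE_DMARC)["findings"]


if __name__ == "__main__":
    print(demo())  # ([], ['DMARC_POLICY_NONE'])
```

A clean result here only says the records are well formed and strict; it does not speak to IP reputation, which is the part of the thread's problem that no record can fix.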


>> What matters is domain age, IP, and compliance with DKIM/DMARC.

>Maybe it was my IP, but I cycled a few with my hosting provider and none of them made a difference. If I am unable to reliable obtain a 'trusted' IP, what good does it do?

That's true. I have a Class C IP range and a domain registered for 30 years and yet Gmail still started ignoring my email server a couple of years ago...


Use an email warming service or warm it yourself


Anecdotally, I'm not. I always use Firefox (or Zen) and get almost no Captchas. Neither at home, nor at work. Not on Windows, not on Linux, not on macOS.

I'm not going to say that Cloudflare isn't doing anything fishy, but if they are, it's probably more complicated.


I am. Try to browse anonymously. On the modern internet you're no longer allowed to do this.

Cloudflare can't determine who you are? No website for you.


> you're no longer allowed to do this

This doesn't resonate with me generally. How are you trying to browse anonymously?


Neat. Though I wonder if this suffers from the same race condition that the graphical session does when your shell is stored on a data volume.

Specifically, if you restart and opt to restart apps, they can come up before all volumes have been decrypted and mounted. If your shell is on one such volume, your terminal emulator may fail to start, for example. This can happen when using Nix to install your shell, for example.

I imagine this may be even easier to hit over SSH unless the underlying problem was resolved.


Unlock over SSH terminates the connection after unlocking the data volume, so it doesn't even attempt to start the shell until you reconnect after it's fully booted up.

FWIW you can fix the shell issue by wrapping your shell in a shim that essentially runs wait4path on the nix store before exec'ing your real shell. I set up my environment to install that shim binary directly onto the data volume at a known path so it can be used as my login shell.
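
The shim described in this comment, as an added example that is not the commenter's actual configuration: a login-shell wrapper that waits for a path on the still-locked data volume before exec'ing the real shell. macOS ships `wait4path` for exactly this; the polling loop below is a portable stand-in so the logic also runs on Linux, and the store path is a placeholder.

```python
import os
import sys
import time

# Added example (not the commenter's shim): wait for a path on a data volume
# that may not be mounted yet, then exec the real shell. On macOS the wait
# would be `wait4path <path>`; this polling loop is a portable stand-in.
# The store path below is a placeholder, not a real one.


def wait_for_path(path: str, timeout: float, interval: float = 0.1) -> bool:
    """Poll until `path` exists or `timeout` seconds pass; True if it appeared."""
    deadline = time.monotonic() + timeout
    while True:
        if os.path.exists(path):
            return True
        if time.monotonic() >= deadline:
            return False
        time.sleep(interval)


def choose_shell(real_shell: str, fallback: str, timeout: float) -> str:
    """The real shell once its volume is mounted, else a shell that is always there."""
    return real_shell if wait_for_path(real_shell, timeout) else fallback


def demo_race(appears_after: float, timeout: float) -> bool:
    """Simulate the race: a marker file shows up `appears_after` seconds later,
    the way the store becomes visible once the volume is decrypted and mounted."""
    import tempfile
    import threading
    with tempfile.TemporaryDirectory() as tmp:
        marker = os.path.join(tmp, "nix-store")
        timer = threading.Timer(appears_after, lambda: open(marker, "w").close())
        timer.start()
        try:
            return wait_for_path(marker, timeout)
        finally:
            timer.cancel()
            timer.join()


if __name__ == "__main__":
    # Placeholder store path; a real shim would hold the shell's actual store path.
    real = os.environ.get("REAL_SHELL", "/nix/store/PLACEHOLDER-zsh/bin/zsh")
    shell = choose_shell(real, "/bin/sh", timeout=60)
    os.execv(shell, [shell] + sys.argv[1:])
```

The fallback matters: if the volume never appears within the timeout (or the shim is run before login), dropping into `/bin/sh` keeps the session usable instead of failing the login outright.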


Depending on the timeouts involved, I imagined it might still happen if you had automatic retry.

And thanks for the pointer, I actually have the same fix in my config with the nice benefit of only adding a single non-changing entry to /etc/shells. It might be worth upstreaming something like this to nix-darwin, so we don't all go implement essentially the same fix.


This is such a hilarious failure mode. I would never have imagined something like this to be a problem.

In the case of SSH though, I assume retrying after a second or so would be enough. You probably have some sort of retry mechanism to deal with network failures anyway.


Apple does a “userspace reboot” (killing all processes) after device unlock to categorically solve this problem


That sounds like a perfect use case for the wait4path utility that’s shipped with the OS for decades


The game really doesn't perform great, but it's not impacting the fun I'm having with it, so I decided to stick with it.

What I don't get is why Randy Pitchford seems intent on alienating the player base further by doubling down again and again on there not being a problem. Emotionally, I understand being defensive of one's work, but at a certain point it might be financially advantageous to show some humility or simply ... not say anything. Then again, he's free to do as he pleases.


backdrop-filter is supported by all major browsers, but specifically using SVG filters, which are more powerful and is out-of-spec, is only supported in Chromium-based browsers.


Not sure if this is relevant, but while moving the slider around, in Chromium I see 40% GPU utilisation, while in Firefox less than 20% (MacBook M3 Pro). I do not observe any noticeable difference otherwise in terms of quality.

PS Neat website and explanations, but talking about the liquid glass as a design principle in general, I would rather UI elements in a random website not use that much of the GPU for not great reasons, but maybe that's my problem of not thinking different.


> which are more powerful and is out-of-spec

These are in the specification here: https://drafts.fxtf.org/filter-effects-1/#typedef-filter-url

And used by backdrop-filter here: https://drafts.fxtf.org/filter-effects-2/#BackdropFilterProp...


> One of the channels I am still on is full of VPS hosted ghosts;

This hits hard. I might be one of those ghosts. When I last checked in, I saw the same in virtually all the channels that were once important to me. My bouncer is still running, I suppose I'm not quite ready to let go yet.


If you liked Arc, you should try Zen. I understand it brings many of the same ideas to a Firefox base.


Thanks for the recommendation, I'll give it a try.


+1, I've used Firefox since my childhood, never interested in Arc because it's idiotic to me that a browser requires an account. A while back someone suggested Zen; I've now used it as my main browser for a bit over a month. Really happy :)


If you mean 'run macOS apps on Linux', Darling [0] already exists. Running command-line applications is already possible, GUI applications less so.

If you want to run Windows Games on macOS, that is also very much possible. Wine runs on macOS and Apple have themselves developed the 'Game Porting Toolkit' which provides an implementation of D3D12. I understand the best way to use that these days is to use CrossOver [1].

[0] https://www.darlinghq.org/

[1] https://www.codeweavers.com/crossover/#mac

