I wish this was a thing when I was writing application essays. They’re a great example of virtually meaningless content that needs to fit a certain shape.

LLMs are great at generating exactly this type of garbage.

One should not be able to waive one’s rights.

Like I needed another reason with this guy.

It’s astounding how one person manages to be so deeply unlikable.

Can we please stop with the privitization? It’s absolutely not been working out very well for the people.

I thought I was told just a year or two ago it was supposed to be the future of manufacturing.

It is highly unlikely that you have malware sophisticated enough to do something like compromise installation media (already exceedingly rare) yet not sophisticated enough to bypass secure boot.

The purpose of secure boot is to verify that the boot loader and kernel are approved by the manufacturer (or friends of such). There are certainly ways to inject software into a system that doesn’t reside in those locations. It just makes boot sector viruses and kernel mode rootkits slightly more technically challenging to write when you can’t simply modify those parts of the operating system directly. If malware gets root on your installation it’s game over whether or not you have secure boot enabled. Much of the software on a computer is none of those things protected by secure boot.

Plus, take another wager: most systems today ship with secure boot enabled. If you were a malware author, would you still be writing malware that needs secure boot turned off to run? Of course not! You would focus on the most common system you can to maximize impact. Thus, boot sector viruses are mostly lost to time. Malware authors moved on.

Overall, it’s a pretty inconsequential feature born of good intentions but practically speaking malware still exists in spite of it. It’s unlikely to matter to any malware you would find in the wild today. Secure boot keys get leaked. You can still get malware in your applications. Some malware even brings its own vulnerable drivers to punch into the kernel anyway and laugh in the face of your secure boot mitigation. The only thing secure boot can actually do when it works is to ensure that on the disk the boot loader and kernel look legit. I guess it kind of helps in theory.

This is good advice in general. Think of it like penetration testing. You really should verify what you can actually access remotely on a device and not assume you have any level of protection until you’ve tried it.

Log files can also contain signs of attack like password guessing. You should review these on a regular basis.

This again! Are you trying to program this image into my long term memory?

I was hoping for FreeBSD.

Is this related to the ermm convention going on right now in Orlando?

That’s a tough nut to crack. Even as a video game platform, they don’t write most of the software that they sell today. They would need to find some way to convince developers to write software for something that’s not the platform nearly all users are running.

I’m not sure that Microsoft ever did halt going down that path. My wife recently bought a PC that came locked down by default and required some fiddling to allow running unsigned apps. This was Windows 10, not sure about 11.

I think it could be more that broad compatibility with everything is their main selling point, and by doing so they were undermining their own ecosystem.

However, this is mere speculation on my part.

Valve is a Titan doing incredible work for the open source community and making money while doing so.

Successful open source software business model at work. Way to go.

But we continued to use the substances anyway because it was cost-effective.

Page break.

Chapter 6: The First Mutant

Anything to not reduce consumption.

I was just thinking the other day why we don’t have standardized EV batteries with a swap process for instant refueling. It would open up so many use cases, particularly for those who can’t have something like that charge overnight.

Loads of complex code exposed to an assumed trusted network is the model of printers. They’re going to be full of security issues.

This stuff should be sandboxed and then never, ever exposed to the Internet.

Entirely personal recommendation, take it or leave it: I’ve seen and attacked enough of this codebase to remove any CUPS service, binary and library from any of my systems and never again use a UNIX system to print. I’m also removing every zeroconf / avahi / bonjour listener. You might consider doing the same.

Great advice. It would appear these developers don’t take security seriously.

The most reliable way I know is to seek documentation for the board. It’s up there with PCI lanes in that the board designer will know what has been configured to work with that physical connector. This kind of info is definitely part of your motherboard documentation.

I’m not familiar with dmidecode so unfortunately I cannot comment on that.

Looks like one to me. Remember that M.2 is a form factor. You can have an M.2 slot that does not support SSD storage for example. I have one that is only intended to work with wifi adapters.

Based on the wifi designation on the board I’ll bet it only works with wifi cards.

M.2 is a form-factor. It talks about the shape only, it says nothing about what the device you are using can do. Many boards have restrictions on supported devices for the physical slot.