|
Plorkyeran posted:mostly. the big downside is that it now takes multiple hours to install a security update for safari instead of five minutes and that's gonna reduce how many people are fully up-to-date.
|
#
?
Jan 16, 2022 17:10
|
|
|
|
| # ? Apr 19, 2024 13:48 |
|
|
|
|
#
?
Jan 16, 2022 17:22
|
|
|
~Coxy posted:Isn't Safari on the main volume? safari.app is mostly just a gui wrapper around a bunch of system libraries, and most of the security-relevant bits are in those libraries
|
|
#
?
Jan 16, 2022 17:48
|
|
|
BlankSystemDaemon posted:you didn't say file lock until just then, though no, I was talking about lock files, like the original discussion
|
|
#
?
Jan 16, 2022 18:05
|
|
|
I think leaving your files unlocked and running should be a felony like with your car
|
|
#
?
Jan 16, 2022 18:46
|
|
|
always clunk your fids
|
|
#
?
Jan 16, 2022 18:53
|
|
|
File locks are the best mystery.
|
|
#
?
Jan 16, 2022 18:56
|
|
|
keep your files in a trapper keeper for extra security
|
|
#
?
Jan 16, 2022 20:46
|
|
|
I just write a big note on the login screen that says "NO FILES IN OS"
|
|
#
?
Jan 16, 2022 20:51
|
|
|
Nvidia update comes with notice “our drivers carry less than 20 files”
|
|
#
?
Jan 16, 2022 20:55
|
|
|
Hed posted:Nvidia update comes with notice “our drivers carry less than 20 files” lmao
|
|
#
?
Jan 16, 2022 21:12
|
|
|
Hed posted:Nvidia update comes with notice “our drivers carry less than 20 files”
|
|
#
?
Jan 16, 2022 21:23
|
|
|
i simply don't lock my files. a system can rummage around my disk all it wants; like my posts, there's nothing of value thereHed posted:Nvidia update comes with notice “our drivers carry less than 20 files” lol
|
|
#
?
Jan 16, 2022 21:26
|
|
|
Agile Vector posted:i simply don't lock my files. a system can rummage around my disk all it wants; like my posts, there's nothing of value there the stallman method
|
|
#
?
Jan 16, 2022 21:35
|
|
|
Hed posted:Nvidia update comes with notice “our drivers carry less than 20 files” yessss
|
|
#
?
Jan 16, 2022 22:16
|
|
|
fresh safari vuln https://fingerprintjs.com/blog/indexeddb-api-browser-vulnerability-safari-15/
|
|
#
?
Jan 16, 2022 23:01
|
|
|
Hed posted:Nvidia update comes with notice “our drivers carry less than 20 files” lmao
|
|
#
?
Jan 17, 2022 04:20
|
|
|
Hed posted:Nvidia update comes with notice “our drivers carry less than 20 files” someone explain this one, idgi
|
|
#
?
Jan 17, 2022 06:19
|
|
|
ymgve posted:someone explain this one, idgi delivery-focused companies usually write "our drivers carry less than $20" somewhere on the delivery vehicle or pizza box or whatever to discourage people from trying to rob the driver (and explain why they can't give change for a fifty or w/e)
|
|
#
?
Jan 17, 2022 06:23
|
|
|
El Mero Mero posted:I just write a big note on the login screen that says "NO FILES IN OS" Hed posted:Nvidia update comes with notice “our drivers carry less than 20 files” good
|
|
#
?
Jan 17, 2022 08:06
|
|
|
https://twitter.com/atomicthumbs/status/1482859329858404352?s=20 oh hey atomicthumbs
|
|
#
?
Jan 17, 2022 16:08
|
|
|
pretty normal isn't it, at least with hardware crypto "disabled" is often just the key being freely available rather than a special path where the bits hit the storage 1:1?
|
|
#
?
Jan 17, 2022 16:12
|
|
|
Cybernetic Vermin posted:pretty normal isn't it, at least with hardware crypto "disabled" is often just the key being freely available rather than a special path where the bits hit the storage 1:1? guess its good to know the hardware TPM requirement for W11 was in fact entirely arbitrary
|
|
#
?
Jan 17, 2022 16:29
|
|
|
Jenny Agutter posted:guess its good to know the hardware TPM requirement for W11 was in fact entirely arbitrary what security boundary are you trying to preserve here though, if the expectation is no encryption leaving the key out in the open seems perfectly fine, involving tpm to with no credentials decrypt at most adds a thing that can fail? e: i honestly suspect i am just missing something here though Cybernetic Vermin fucked around with this message at 16:50 on Jan 17, 2022 |
|
#
?
Jan 17, 2022 16:37
|
|
|
Cybernetic Vermin posted:what security boundary are you trying to preserve here though, if the expectation is no encryption leaving the key out in the open seems perfectly fine, involving tpm to with no credentials decrypt at most adds a thing that can fail? why would one enable bitlocker with the expectation of no encryption? perhaps i am misreading but it seems like anyone who goes and enables bitlocker would expect the key to be secured, whether or not they are using a local account
|
|
#
?
Jan 17, 2022 16:55
|
|
|
I'm like 99% sure they're either intentionally misquoting in an attempt to own MS, or just fundamentally misunderstood the superuser thread they're reading "Until at least one protector is created, BitLocker cannot leave suspended mode and the Windows UI will report that it's waiting for activation." https://superuser.com/questions/1299600/is-a-volume-with-bitlocker-waiting-for-activation-encrypted-or-not
|
|
#
?
Jan 17, 2022 16:56
|
|
|
that behaviour is entirely intentional and it's to prevent scenarios like they had automatically enabling encryption in windows 10 where it was possible to have windows automatically enable encryption and no saved recovery key, leading to a complete unrecoverable data loss if the system did an update that broke the trust chain, which happened quite often
|
|
#
?
Jan 17, 2022 17:11
|
|
|
if you install windows 11 it should have used the TPM to store the key regardless of if you use a microsoft account or not. then if you ever did use a microsoft account you could backup your key from the tpm to the microsoft account. if its not storing in the TPM then thats a bug for sure. if the user disabled TPM or installed windows 11 on a computer without TPM, then thats an unsupported scenario and its on the user to manage it properly. if you dont want to use a microsoft account and arent using tpm, you should be able backup your keys to either a non-bitlocker encrypted location like an unencrypted volume, usb key, network drive, etc...
|
|
#
?
Jan 17, 2022 17:11
|
|
|
infernal machines posted:that behaviour is entirely intentional and it's to prevent scenarios like they had automatically enabling encryption in windows 10 where it was possible to have windows automatically enable encryption and no saved recovery key, leading to a complete unrecoverable data loss if the system did an update that broke the trust chain, which happened quite often yeah the entire suspension feature is to protect the user from themselves and bad firmware updates
|
|
#
?
Jan 17, 2022 17:12
|
|
|
the recovery key needs to be somewhere, so either it automatically gets syncd with a microsoft account or azuread account, or the user manually prints or saves it to another device. the system exist to protect users from themselves, like 99% of the stupid bullshit they do these days, and it works perfectly in that scenario. either the user uses an online account and it's handled automatically, or they know enough to manually backup the key or disable encryption, but it won't force them into a state where their data is permanently unrecoverable infernal machines fucked around with this message at 17:16 on Jan 17, 2022 |
|
#
?
Jan 17, 2022 17:13
|
|
|
i wonder if it prompts the user at all that they havent stored the recovery key?
|
|
#
?
Jan 17, 2022 17:15
|
|
|
Shaggar posted:i wonder if it prompts the user at all that they havent stored the recovery key? bitlocker setup in control panel basically forces you to save the recovery key somewhere
|
|
#
?
Jan 17, 2022 17:17
|
|
|
Buff Hardback posted:bitlocker setup in control panel basically forces you to save the recovery key somewhere yeah, that's the manual enablement process though. windows 11 does this automatically, without having to go into that control panel. there's an indicator on the drive in explorer if it's enabled but not active, but idk if there's a notification. probably it gets swamped under everything else trying to funnel you into signing in with a microsoft account
|
|
#
?
Jan 17, 2022 17:18
|
|
|
infernal machines posted:yeah, that's the manual enablement process though. windows 11 does this automatically, without having to go into that control panel. I mean yeah i really don't think this is that much of an issue? if you know bitlocker, you'll turn it on by the control panel options, not the regular flow. if it gets enabled for you randomly, you're protected from getting hosed if you don't have the key stored anywhere until you add an MS account
|
|
#
?
Jan 17, 2022 17:24
|
|
|
it's absolutely not "an issue", it's done by design and it works in an entirely comprehensible manner that can be overridden by power users if desired. if your problem with windows 11 is the system defaulting to a fail-safe state with volume encryption when you've gone out of your way to avoid their system for managing that, you are going to have much bigger problems with windows 11
|
|
#
?
Jan 17, 2022 18:16
|
|
|
Shaggar posted:if you install windows 11 it should have used the TPM to store the key regardless of if you use a microsoft account or not. then if you ever did use a microsoft account you could backup your key from the tpm to the microsoft account. isn't the whole point of a TPM that you can't actually pull the key out of it e: legit asking to make sure I actually understand TPM's like i thought i did
|
|
#
?
Jan 17, 2022 18:21
|
|
|
Shame Boy posted:isn't the whole point of a TPM that you can't actually pull the key out of it https://twitter.com/atomicthumbs/status/1482872028839350273 there are multiple keys, but the whole point of the bitlocker "suspended" protection behaviour is to keep the data readable in the event of a chain of trust failure. that's why it's called "suspended". if you force it out of suspended mode, one way or another, which can be done manually by the user without the use of a microsoft account, then the key will not be stored in the clear. also, if the user signs into a microsoft account then the volume recovery key is stored there and the system will no longer store the key in the clear on the system. infernal machines fucked around with this message at 18:28 on Jan 17, 2022 |
|
#
?
Jan 17, 2022 18:25
|
|
|
Shame Boy posted:isn't the whole point of a TPM that you can't actually pull the key out of it yeah tbh im not sure and i may be wrong about that, but i have generated new recovery keys when my system was in fully protected mode so its getting the key material from somewhere
|
|
#
?
Jan 17, 2022 18:41
|
|
|
infernal machines posted:it's absolutely not "an issue", it's done by design and it works in an entirely comprehensible manner that can be overridden by power users if desired. exactly this is what i meant the tweet was super obviously disingenuously meant as a "ms won't let you use bitlocker without an MS account!!!!" snipe
|
|
#
?
Jan 17, 2022 18:54
|
|
|
|
| # ? Apr 19, 2024 13:48 |
|
|
Buff Hardback posted:exactly this is what i meant You must be new here. Welcome.
|
|
#
?
Jan 17, 2022 20:29
|
|
