devops99 (u/devops99)

devops99 commented on FBI: Largest homemade explosives cache in agency history found in Virginia thehill.com/national-secu... · Posted by u/domofutu

Stevvo · 8 months ago

The terrorized neighbors who called the cops on him, and the accused himself evidenced by the 3 fingers he blew off in an explosion.

devops99 · 8 months ago

Did Spafford threaten the neighbors directly?

In a legal context, and also the real world sans a legal context, words do have meaning and words do matter. I don't see anything in the article that Spafford terrorized anyone.

Whether Spafford intended to terrorize anyone in the future is another matter, and a matter of legitimate and serious concern. But we must not confuse this with "terrorized" (past tense) if we are going to discuss the matter in a sane and sober way.

devops99 commented on The GPU, not the TPM, is the root of hardware DRM mjg59.dreamwidth.org/7095... · Posted by u/DvdGiessen

AnthonyMouse · 8 months ago

> Without secure boot (backed by TPM), I can boot a small USB device that has LEDs on it to indicate to me that the target system has been infected to send me a copy of the target's password, after I already imaged the disk (or when I have another team member steal it or take it by force later).

Which is the same thing that happens with secure boot, because they just steal the whole device and leave you one that looks the same to enter your password into so it will send it to them.

Meanwhile if you're using tamper-evident materials then you don't need secure boot, because then they can't undetectably remove the cover to get physical access to remove your UEFI password or image the machine.

devops99 · 8 months ago

Thank you for prompting attention to the switcheroo.

This angle of attack is generally unheard of, but should be considered. I can think of some mitigations that can work.

Tamper-evident materials are well-known by the crowds that will target users. There are many criminals among us, so many that those who don't have criminal psychology have a hard time wrapping their mind around it. Given this, I am cynical, and every defense within reasonable cost should be leveraged.

devops99 commented on Tell HN: Impassable Cloudflare challenges are ruining my browsing experience · Posted by u/blakeashleyjr

peanut-walrus · 8 months ago

The problem is that any solution so far proposed for this is very privacy-unfriendly.

For example, Google proposed https://github.com/explainers-by-googlers/Web-Environment-In... and this was shot down by privacy advocates (for very good reasons).

So basically the choice for website operators is either to fight the bots and accept that their service will be unusable for some subset of their users or not fight the bots, which will lead to their service becoming unusable for everyone.

More and more, you see services pushing you very hard towards using their app and the reason is that with the app, they are able to actually verify that you are likely not a bot (or rather, in reality, that at least the app is running on an actual physical device, mobile phone bot farms are unfortunately also a thing).

As for Cloudflare - they offer it as a service, so when the website operator has a choice between using them or allocating several engineers for bot-fighting, why would they not just go with Cloudflare? Doing it yourself can be slightly higher fidelity, as you know your customers better, but it is also a lot of effort which could be better spent elsewhere.

devops99 · 8 months ago

Why "fight the bots" anyway? If software that is acting out the will of some humans somewhere is retrieving static contents, what's the big deal?

devops99 commented on The GPU, not the TPM, is the root of hardware DRM mjg59.dreamwidth.org/7095... · Posted by u/DvdGiessen

__MatrixMan__ · 8 months ago

Anti-cheat is a lousy cover for something that's going to be much more lucrative when used to correlate the accounts of journalists and whistleblowers such that they can be silenced. It's censorship tech.

devops99 · 8 months ago

This here is a stronger motivator than any other motivator mentioned in all other comments posted. And "journalist" will include anyone who has the "wrong" memes on their machine.