• mech@feddit.org
    ↑ 88 · 2 days ago

    all the 3-letter agencies pool their resources
    billions of dollars are dumped into the project
    several years later they manage to decrypt all of this guy’s communications
    it’s nothing but chats about how to encrypt shit

  • redsand@lemmy.dbzer0.com
    English · ↑ 20 · 2 days ago

    I got into Gentoo because it made patching the kernel to hold LUKS keys in debug registers instead of RAM easier than Arch 😅

    • AnimalsDream@slrpnk.net
      English · ↑ 9 · 2 days ago

      Tower’s explanation of blobs is kind of strange and not really correct. In a general sense a binary blob is just a situation where you have open-source software that is combined with proprietary components.

      Most relevant example to the meme is that the Linux kernel is open-source, but can sometimes contain drivers that are proprietary and don’t have source code available. Those proprietary drivers would be the blobs.

      As a counter-example, the linux-libre kernel that devfuuu linked to is a version of the Linux kernel that has had all the blobs removed.

    • towerful@programming.dev
      ↑ 78 · ↓ 1 · edited · 2 days ago

      It’s referring to binary blobs. A Windows exe might be a binary blob.
      These are distributed compiled. Even if the project is open source, the binary blob might have been generated by a compromised compiler.

      This is one of the reasons the XZ Utils compromise went unnoticed for so long. One of the compressed files used for testing contained malicious code that would be included in the build artefacts (i.e., the final compiled binary) under very narrow and specific circumstances.

      So “deblobbed” means absolutely everything in the OS was built & compiled on their computer from original source code.

      • KeenFlame@feddit.nu
        ↑ 1 · 1 day ago

        Thanks. But I don’t understand why any of that ensures that the compiler isn’t compromised? Do you mean they have presumably vetted the compiler themselves first? This is something that would be incredibly time consuming to do, assuming we are talking about gcc or something equivalent, which, I mean if you’re compiling an OS…

        • AnimalsDream@slrpnk.net
          English · ↑ 5 · 1 day ago

          The concepts they’re referring to have more to do with Ken Thompson’s Trusting Trust essay. Laurie Wired recently came out with an episode about it. It’s a rather intractable problem in computing, and unfortunately, even with the best practices to overcome it, you can never be 100% sure that your system is completely free of compromise.

        • towerful@programming.dev
          ↑ 2 · 1 day ago

          That’s true.
          But the idea is that there are no precompiled binaries that are implicitly trusted.
          So you CAN vet all of the code and artefacts, and if something doesn’t seem right you can trace it back to the code and understand exactly why, instead of seeing a black-box binary and coming to the conclusion “it’s doing something it shouldn’t, but I don’t know what or why”.
          The idea is that you are in control of the entire build process.

          But yes, it would be extremely time consuming to vet GCC, build it from source and (I guess) compare checksum/hashes against published binaries. Then vet all of the source code of everything you need to compile for Gentoo, then compile that and compare checksum/hashes etc.
          Which is why it’s in a 4chan meme.

          But I imagine government agencies will have some deblobbed Linux installs with the technical capacity to vet all the code and artefacts.
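
The comparison step described in the comment above (hash what you built, compare it with what was published), as an added example that is not part of the thread or of any project's tooling. It assumes the published list is in `sha256sum` output format; the file names and contents are constructed, and a match is only meaningful when the build is reproducible bit for bit.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def sha256_file(path):
    """Stream the file so large build artefacts need not fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Parse sha256sum lines: '<64 hex>  name' (text) or '<64 hex> *name' (binary)."""
    published = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, _, name = line.partition(" ")
        name = name.lstrip(" *")
        if len(digest) != 64 or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        bytes.fromhex(digest)  # raises ValueError if the digest is not hex
        published[name] = digest.lower()
    return published

def compare_build(build_dir, manifest):
    """Return name -> 'match' | 'MISMATCH' | 'missing' for every published entry."""
    result = {}
    for name, digest in parse_manifest(manifest).items():
        artefact = build_dir / name
        if not artefact.is_file():
            result[name] = "missing"
        elif hmac.compare_digest(sha256_file(artefact), digest):
            result[name] = "match"
        else:
            result[name] = "MISMATCH"
    return result

def demo():
    """Constructed sample: one identical artefact, one that differs, one absent."""
    with tempfile.TemporaryDirectory() as d:
        build = Path(d)
        (build / "compiler.bin").write_bytes(b"constructed artefact A")
        (build / "library.so").write_bytes(b"constructed artefact B, built locally")
        manifest = (f"{hashlib.sha256(b'constructed artefact A').hexdigest()}  compiler.bin\n"
                    f"{hashlib.sha256(b'constructed artefact B').hexdigest()} *library.so\n"
                    f"{'0' * 64}  absent.bin\n")
        return compare_build(build, manifest)
```

A `MISMATCH` is where the tracing back to source starts: it shows that the two builds differ, not which of them is the trustworthy one.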

          • KeenFlame@feddit.nu
            ↑ 2 · 23 hours ago

            Ah yes… Government… Yeah they seem extremely… very competent… For sure, for sure. But yeah, thanks, see ya

  • tuckerm@feddit.online
    English · ↑ 196 · ↓ 1 · 2 days ago

    Linux nerds literally only want one thing and it’s fucking the idea that your full disk encryption will pay off one day.

    • UnderpantsWeevil@lemmy.world
      English · ↑ 9 · ↓ 1 · 2 days ago

      your full disk encryption will pay off one day

      The day you fuck up your password one too many times and lock yourself out of your own computer.

    • chloroken@lemmy.ml
      English · ↑ 8 · ↓ 1 · 2 days ago

      That’s the best part, it can never really “pay off.” It can only mitigate. Hardly seems worth it to me. Alas.

        • chloroken@lemmy.ml
          English · ↑ 14 · ↓ 1 · 2 days ago

          I personally am only worried about data loss, not data theft. But I do take privacy relatively seriously nonetheless.

          • RaivoKulli@sopuli.xyz
            ↑ 3 · 2 days ago

            I use different methods for both. Encryption so all of my logins and personal stuff isn’t lost if my laptop is stolen and backups to safeguard the important data.

    • devfuuu@lemmy.world
      ↑ 9 · 2 days ago

      It pays off the moment someone steals my bag with the laptop when I leave the office or coffee shop.

    • bdonvr@thelemmy.club
      ↑ 29 · ↓ 2 · 2 days ago

      It can, but most likely it only would if you’re doing illegal shit and get caught. They’d search your place for evidence and FDE could keep them from discovering some things.

      But uh, if they got that far into investigating you then you’re probably already screwed.

      • communism@lemmy.ml
        ↑ 49 · 2 days ago

        Not true at all. Governments regularly raid political dissidents. It’s a disciplinary tactic in and of itself. I’ve been raided for plenty of shit and never been convicted of any crime.

        • bdonvr@thelemmy.club
          ↑ 22 · edited · 2 days ago

          I mean the average dork not cool people like you (if you’re being truthful)

          Persons of interest to governments should always be diligent.

          • MummysLittleBloodSlut@lemmy.blahaj.zone
            English · ↑ 14 · 2 days ago

            I know a nice middle aged mum whose house was raided by whatever the Australian SWAT team calls themselves at 2am. She’s basically considered a public enemy by the government. And the worst she’s ever been accused of is blocking traffic and using water-soluble spray chalk on buildings.

          • communism@lemmy.ml
            ↑ 23 · 2 days ago

            My point is that raids are for the purpose of gathering evidence. The way it usually works is that the state decides they want to criminalise you for something so they search your place for anything they can use to incriminate you—not vice versa, i.e. they don’t already have enough evidence to incriminate you when they plan the raid.

            I don’t know about a majority of people, but with the rise of the far-right across many countries I think it is a significant number of people who are at risk of this, and I think it’s rather short-sighted to assume only a small number of “cool people” are affected (thank you though). Like I am a nobody, I’m not famous, and there are lots of political organisers and militants like me you’ve never heard of being targeted for their political activities. You don’t need to be a Snowden to have some degree of state interest in you, and most state repression (raids, incarceration, arrests, etc) is relatively cheap to dish out willy-nilly.

            • mlg@lemmy.world
              English · ↑ 4 · 2 days ago

              I think he’s overblowing the 5 dollar wrench method.

              Unless you live in a place where human rights are disregarded like every possible moment, they’d probably only resort to torturing you to gain access if they believe you are somehow connected or have ancillary evidence that points to you. I.e., that darkweb dude they tortured in Turkey to gain access to his encrypted laptop containing incriminating evidence.

              Otherwise they’ll just do a preemptive raid hoping that it leads to new information.

              Like right now border patrol has been forcing foreigners to show data on their mobile devices to see if you have any roasted Vance memes so they can turn you away. But in many cases, it has been done because they already had you flagged as posting or sharing roasted Vance memes online.

              Of course you could also always be in a craphole country where they’ll torture you anyway, regardless if they have any reason to believe you are connected to something, but simply due to the fact that you opted to use FDE or any practical security scheme.

      • kalapala@sopuli.xyz
        English · ↑ 17 · 2 days ago

        Doesn’t need to be a government but just common thieves getting your computer and selling it to someone who knows what to look for.

      • Ŝan@piefed.zip
        English · ↑ 7 · ↓ 12 · 2 days ago

        What’s þe fun in þat? I bought þe giant electromagnet electric media wiper for a reason.

    • SorryQuick@lemmy.ca
      ↑ 4 · 2 days ago

      Is there any reason to do full disk encryption, vs encrypting a single partition or a folder with eCryptfs? It’s not like your /usr/bin, etc… needs to be encrypted, but encrypting it reduces performance.

      • darklamer@lemmy.dbzer0.com
        English · ↑ 2 · 2 days ago

        Is there any reason to do full disk encryption, vs encrypting a single partition or a folder with eCryptfs?

        One obvious reason is that it just is very simple to encrypt the entire disk and be done with it.

      • CrackedLinuxISO@lemmy.dbzer0.com
        English · ↑ 5 · edited · 2 days ago

        Suppose you’re in some hypothetical country where torrenting is illegal. The presence of /usr/bin/qbittorrent on your disk could be enough to face charges. Unencrypted /var/log? Maybe they can see you’ve been running a cryptocurrency miner. There could be plenty of data outside of $HOME on your computer which a cop might try to use against you.

        In the most paranoid hypothetical scenario, someone could mount your unencrypted /usr/bin and replace openssl with a compromised version.

        • SorryQuick@lemmy.ca
          ↑ 1 · 1 day ago

          /var/log and the likes aren’t really issues, I just have mine as a link to the real one in an eCryptfs folder. Though I guess you’d be right about qbittorrent, this is something pretty rare.

          In the most paranoid hypothetical scenario, someone could mount your unencrypted /usr/bin and replace openssl with a compromised version.

          I suppose if you’re in this situation, you have way more important things to deal with. That would imply someone has physical access to your computer, at that point if they really want to know what you’re doing they might as well set up a camera.

          • CrackedLinuxISO@lemmy.dbzer0.com
            English · ↑ 2 · edited · 1 day ago

            What I’m getting at is that for people using FDE, any performance hit is worth it compared to worrying that you’ve covered every angle.

            • SorryQuick@lemmy.ca
              ↑ 1 · 1 day ago

              By default, most FDE have horrible performance hits and require significant tweaking, configuring and benchmarking to get it right depending on hardware, use cases, conditions… I’m sure there are quite a bunch of people out there who don’t want to do any tweaking while still having the performance they paid for.

              • ganryuu@lemmy.ca
                ↑ 2 · 1 day ago

                Unless what you are doing is heavily I/O dependent (mostly heavy database workloads), that’s not really true anymore, especially with a modern CPU and say, LUKS encryption. Phoronix has a recent review of FDE using LUKS, and apart from synthetic I/O tests, the difference isn’t really observable.

                Try cryptsetup benchmark on your pc and look at the results for aes-xts for example.
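
Reading the aes-xts rows mentioned in the comment above, as an added example that is not part of the thread: it parses the cipher table from `cryptsetup benchmark` output and compares it with a disk throughput figure you supply. The sample output and its numbers are constructed, and comparing against disk speed is this example's own rule of thumb.

```python
import re

# Constructed sample in the layout `cryptsetup benchmark` prints; the numbers are made up.
SAMPLE = """\
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha256    1500000 iterations per second for 256-bit key
#     Algorithm |       Key |      Encryption |      Decryption
        aes-cbc        256b       900.0 MiB/s      3000.0 MiB/s
        aes-xts        256b      3400.0 MiB/s      3450.0 MiB/s
        aes-xts        512b      2800.0 MiB/s      2850.0 MiB/s
    serpent-xts        512b       600.0 MiB/s       610.0 MiB/s
"""

# One table row: cipher-mode, key size in bits, encryption and decryption rates.
ROW = re.compile(r"^\s*([a-z0-9]+-[a-z0-9]+)\s+(\d+)b\s+([\d.]+)\s+MiB/s\s+([\d.]+)\s+MiB/s\s*$")


def parse_benchmark(text):
    """Return {(cipher, key_bits): (encrypt_MiB_s, decrypt_MiB_s)} from the cipher table."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # KDF lines and '#' header lines do not match and are skipped
            table[(m.group(1), int(m.group(2)))] = (float(m.group(3)), float(m.group(4)))
    return table


def cipher_headroom(text, disk_mib_s, cipher="aes-xts", key_bits=512):
    """Ratio of the slower cipher direction to the disk's own throughput.

    Above 1.0 the disk, not the cipher, limits sequential I/O. The benchmark
    runs in memory only, so treat the ratio as a rough indicator.
    """
    table = parse_benchmark(text)
    if (cipher, key_bits) not in table:
        raise KeyError(f"{cipher} {key_bits}b not in benchmark output")
    return min(table[(cipher, key_bits)]) / disk_mib_s
```

The `disk_mib_s` figure has to come from a separate measurement of the unencrypted device.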

    • AnimalsDream@slrpnk.net
      English · ↑ 3 · 2 days ago

      I could be wrong, but if I remember correctly, the ThinkPad X61 was the last version to ship without Intel ME, and I assumed the meme was a nod to that.

    • neox_@sh.itjust.works
      French · ↑ 2 · edited · 23 hours ago

      Some computers do not require having the ME firmware installed. Usually, these are computers supported by a 100% free BIOS replacement such as GNU Boot (see the compatible models on the website). Libreboot was fully free in the past but it’s not true anymore since it does now support computers needing the ME working (at least for computer initialization) but neutered so that most of it can’t operate. However, you can’t be sure whether a neutered ME is harmful or not since we don’t know what it can really do as the initialization source code is not known.

  • Melvin_Ferd@lemmy.world
    ↑ 13 · 15 hours ago

    I love this idea when in reality they probably have some Israeli 3rd party that they use that can just pop any system in under an hour regardless of any protection you think you have.

  • mlg@lemmy.world
    English · ↑ 24 · 2 days ago

    Can’t have ring -3 vulnerabilities if your CPU doesn’t have a ring -3

  • Fleur_@lemmynsfw.com
    ↑ 12 · 1 day ago

    • under investigation for ordering child sex dolls under their real name to their home address with their bank account and posting pictures with their face in it to reddit