Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)I

IHawkMike

@ IHawkMike @lemmy.world

Posts
0
Comments
197
Joined
3 yr. ago

  • It's probably not reasonable to expect this to improve in 2026.

    Jump

  • It's been broken and slow as hell since Vista. So yes, when IT "professionals" haven't figured out other ways to run common programs by now, it hints at how remedial their skills are.

  • Important reminder

    Jump

  • Have you had Culver's root beer? It's so good. It might be even better than A&W.

  • It's probably not reasonable to expect this to improve in 2026.

    Jump

  • Win+R, wt, Enter

    OR

    Win-X, I

    The start menu has sucked for a long time, but you don't have to use it. I cringe when I see other IT folks using its search feature to launch common apps.

    At least they are improving the app list with a nice category view and removing the All Apps button (still in preview). That'll at least upgrade it from hot garbage to okayish.

  • xkcd #3150: Ping

    Jump

  • I'd tell you a UDP joke, but you might not get it.

  • The last Nova dev is gone

    Jump

  • The last Nova dev is gone

    Jump

  • Always with the red flags

    Jump

  • I mean, on a typewriter yeah. But otherwise, no.

  • Is it fine if a website says "email already in use" before you hit submit?

    Jump

  • I don't think many places encrypt/hash email addresses, but even if they did they could just apply the hash algorithm to what you entered to compare the hashes.

  • Janeway: My coffee taste like light and photons.

    Jump

  • Can't say I've had this exact roast, but everything I've had from them has been good.

  • ArchLinux doesn't boot after computer lost power during system update

    Jump

  • LUKS > LVM > ext4

    Every time I install a new OS I ask myself if I should use BTRFS, if for no other reason than just to experience it. But I've never found a good enough reason that's worth even a sliver of stability loss over more mature options.

    It's probably because I've also been burned too many times trying ReFS over NTFS on Windows (except for Veeam).

  • Linux and Secure Boot certificate expiration

    Jump

  • Yep that's how my desktops and servers are set up. I only recently started adding the TPM PIN to my laptops for a bit of extra protection from cold boot / evil maid attacks.

  • Linux and Secure Boot certificate expiration

    Jump

  • given that Secure Boot prevents any modification of your computer's boot chain

    Secure Boot does no such thing. All it does it require that everything in the boot chain is signed by a trusted cert.

    Binding TPM PCR7 to FDE (or more brittle options like 0+2+4) is really what protects against boot chain modifications but that's another topic.

    Disabling SB to install the distro, then re-enabling it once installed with either maintainer-signed shim or self-signed UKI/bootloader is perfectly fine.

  • Linux and Secure Boot certificate expiration

    Jump

  • You need both FDE and Secure Boot, ideally with FDE using a TPM with PIN and PCR 7+15=0. FDE without SB can be trivially boot-kitted and obviously SB without FDE is mostly pointless. Maybe for a server/desktop behind locked doors you don't worry as much, but for a laptop you absolutely should. Also it's really easy in Arch to resign the UKI with sbctl via a pacman hook whenever the kernel is updated so there's no good reason not to use it.

    If you're relying on a LUKS password only, it can be brute-forced. To protect against that you need a decently long password which is annoying to type every boot. A short TPM PIN sealed by SB protecting LUKS is both more convent and more secure.

    Finally, if an attacker or malware gets root, FDE isn't protecting you either.

  • Linux and Secure Boot certificate expiration

    Jump

  • Yeah this is an issue but not a big one. Most distro's installation media don't use shim so you have to disable SB during install anyway.

    And installing the 2023 KEK and db certs can be done via firmware without much trouble or you can use sbctl in setup mode which I believe has both the 2011 and 2023 keys.

    If you dual boot Windows you'll want to update it to the new bootmgr signed with the 2023 keys and add the 2011 certs to dbx to protect against BlackLotus or let Windows do it via patches+regfixes.

    Also know that any changes to PK, KEK, dB, or dbx will change the PCR 7 measurement so handle that accordingly if you use TPM unlock for FDE.

  • The ASUS Dumpster Fire

    Jump

  • The ASUS Dumpster Fire

    Jump

  • Every last one of these questions is terrible

    Jump

  • It's unlikely since it uses the field ID and not the text, so it wouldn't know which question went with which answer.

    It's so rarely needed to actually use these anyway, that it's a non-issue IMO. You should never opt to use security questions as they are terrible from a security standpoint. This is just for when they are required by stupid websites.

  • Removed

    [Help please] Identify process that is calling a domain

    Jump

  • Most DNS queries are UDP.

    I'd do a modified scream test and change old.domain to something like 1.2.3.4. Then run sudo netstat or ss with -tpn, grepping for 1.2.3.4.

    Or something like grep -r old.domain /etc.

  • Perspective

    Jump

  • Yeah, that too.