• 0 Posts
  • 22 Comments
Joined 2 years ago
Cake day: June 20th, 2023

  • Dran@lemmy.world to linuxmemes@lemmy.world · The Return Home · ↑ 2 · 7 days ago

    Remote assistance is not RDP, it’s Microsoft’s support hook over the Internet, which requires telemetry to function. It is distinctly separate from, and not a prerequisite for, RDP.

    The rest of that I’ll have to look into, but disabling remote assistance seems sane in that context.

    I wonder if other parts of the shutdown dialog or hover context menu have phone home functions that can only be disabled in roundabout ways; it wouldn’t be the first time. It would not surprise me to learn that the “which apps are preventing shutdown” dialog would be something that triggers a call to phone that data home.





  • The canvas API needs specific access to hardware that isn’t usually available via browser APIs. It’s usually harder to get specific capability information from a user’s GPU for example. The canvas API needs capability information to decide how to draw objects across differently capable hardware, and those extra data points make it that much easier to uniquely identify a user. The more data points you can collect, the more unique each visitor is.

    Here’s a good utility from the EFF to demonstrate the concept if you or anyone else is curious.

    https://coveryourtracks.eff.org/
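
An added example, not part of the original comment: a sketch of why each extra data point narrows the set of visitors you could be, in the spirit of the "bits of identifying information" that Cover Your Tracks reports. The population, the attribute names (`timezone`, `language`, `gpuHint`) and every value are constructed for illustration.

```javascript
// Constructed sample population: all values are made up for illustration.
const visitors = [
  { id: "v1", timezone: "UTC-5", language: "en-US", gpuHint: "gpuA" },
  { id: "v2", timezone: "UTC-5", language: "en-US", gpuHint: "gpuB" },
  { id: "v3", timezone: "UTC-5", language: "es-MX", gpuHint: "gpuA" },
  { id: "v4", timezone: "UTC-5", language: "fr-CA", gpuHint: "gpuB" },
  { id: "v5", timezone: "UTC+1", language: "en-US", gpuHint: "gpuA" },
  { id: "v6", timezone: "UTC+1", language: "de-DE", gpuHint: "gpuA" },
  { id: "v7", timezone: "UTC+1", language: "fr-FR", gpuHint: "gpuB" },
  { id: "v8", timezone: "UTC+9", language: "ja-JP", gpuHint: "gpuA" },
];

// Anonymity set: how many visitors are indistinguishable from `target`
// when only the attributes in `attrs` are observed.
function anonymitySet(population, target, attrs) {
  return population.filter(v => attrs.every(a => v[a] === target[a])).length;
}

// Bits of identifying information carried by those attributes:
// -log2(fraction of the population sharing the same values).
function surprisalBits(population, target, attrs) {
  return -Math.log2(anonymitySet(population, target, attrs) / population.length);
}

// Observe attributes one at a time and record how the crowd shrinks.
function narrowing(population, target, attrs) {
  return attrs.map((_, i) => {
    const used = attrs.slice(0, i + 1);
    return {
      used: used.join("+"),
      setSize: anonymitySet(population, target, used),
      bits: surprisalBits(population, target, used),
    };
  });
}

const steps = narrowing(visitors, visitors[0], ["timezone", "language", "gpuHint"]);
for (const s of steps) {
  console.log(`${s.used}: ${s.setSize} of ${visitors.length} visitors, ${s.bits} bits`);
}
```

No single attribute here singles out v1 (the GPU hint alone still matches five of the eight visitors), but the three together leave an anonymity set of one.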


  • Just think, an extra long shirt can cover that hole, and we could embed a flexible display, wifi module, and a camera in the extra space. This could scan the faces of those around you, and display personalized ads! This is an excellent solution to the hole in your pants, and frankly, the only secure one.


  • You’re correct that nesting namespaces is unlikely to introduce measurable performance degradation. For performance, I was thinking mostly in the nested virtual network stack adding latency. Both docker and lxc run their own virtual interfaces.

    There’s also the issue of running nested apparmor, selinux, and/or seccomp checks on processes in the child containers. I know that single instances of those are often enough to kill performance on highly latency sensitive applications (SAP netweaver is the example that comes to mind) so I would imagine two instances of those checks would exacerbate those concerns.




  • Dran@lemmy.world to linuxmemes@lemmy.world · Linus T..... (choose wisely) · ↑ 50 ↓ 4 · 3 months ago

    When you’re the size of LMG you don’t hire investigative law firms for PR; you do it for liability. The goal is to limit corporate liability by removing individuals likely to get you sued, and most importantly to distance leadership from it with plausible deniability. The firm also has its own reputation to consider, and wouldn’t let a client get away with materially misrepresenting their results.

    I don’t think it’s unreasonable to suggest that a positive finding from an investigative firm is evidence to support their position that they, materially, did nothing wrong. The fact that no one was fired as a result of that investigation is a good sign externally, as it would open them up to more liability if they knew about it and did nothing.



  • A lot of industries are semi-forced into it. Let me give you an example I know of first-hand. Modern SAP stacks support 3 operating systems: Windows Server, RHEL, and SuSE.

    You’re probably thinking to yourself: “but rhel is just regular linux, surely you can install it on anything if you have the appropriate dependencies, I’ll bet it even just works on rhel-compatibles like rocky, alma, or centos stream!”

    And you would be ~sort of~ right, but wrong in the most dystopian way possible. The installer itself does hardcoded checks for “compatible” operating systems, using /etc/os-release and a few other common system files. Spoofing those to rhel 8.5 or whatever is easy enough, but the one that really gets you is a dependency for compat-glibc-X.Y-ZZZZ.x86_64. This “glibc compatibility library” is conveniently only accessible via a super special redhat repository granted by a super special sap license (which is like ~$2,000/year/cpu). Looking at the redhat sources it is actually just a bog-standard semi-modern glibc compile with nothing special. The only other thing you get with this license as far as I can tell is another metapackage that installs dependencies, and makes a few kernel tweaks recommended by SAP.

    So you can install it on alma/rocky by impersonating rhel in /etc/os-release, and then compiling a version of glibc and linking it in a special hardcoded location, but SAP/Redhat put as many roadblocks in your way as possible to do this. It took me weeks of reverse-engineering the installer to get our farm off of the ~100k/yr that redhat wanted to charge us for essentially:

    ./configure --enable-bootstrap --enable-languages=c,c++,lto --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-shared --enable-threads=posix --enable-checking=release --enable-multilib --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-linker-build-id --with-gcc-major-version-only --enable-plugin --with-linker-hash-style=gnu --enable-initfini-array --disable-libquadmath --disable-libsanitizer --disable-libvtv --disable-libgomp --disable-libitm --disable-libssp --disable-libatomic --disable-libcilkrts --without-isl --disable-libmpx --enable-gnu-indirect-function --with-tune=generic --with-arch_32=i686 --build=x86_64-redhat-linux
    Thread model: posix
    gcc version 9.1.1 20190605 (Red Hat 9.1.1-2) (GCC)
    

    definitely worth $100,000/yr… much capitalism, many line go up


  • I’m sorry but this is just a fundamentally incorrect take on the physics at play here.

    You unfortunately can’t ever prevent further breakdown. Every time you run any voltage through any CPU, you are always slowly breaking down gate-oxides. This is a normal, non-thermal failure mode of consumer CPUs. The issue is that this breakdown is non-linear. As the breakdown process increases, it increases resistance inside the die, and as a consequence requires higher minimum voltages to remain stable. That higher voltage accelerates the rate of idle damage, making time disproportionately more damaging the more damaged a chip is.

    If you want to read more on these failure modes, I’d recommend the following papers:

    L. Shi et al., “Effects of Oxide Electric Field Stress on the Gate Oxide Reliability of Commercial SiC Power MOSFETs,” 2022 IEEE 9th Workshop on Wide Bandgap Power Devices & Applications

    Y. Qian et al., “Modeling of Hot Carrier Injection on Gate-Induced Drain Leakage in PDSOI nMOSFET,” 2021 IEEE International Conference on Integrated Circuits, Technologies and Applications


  • The “problem” is that the more you understand the engineering, the less you believe Intel when they say they can fix it in microcode. Without writing an entire essay, the TL;DR is that the instability gets worse over time, and the only way that happens is if applied voltages are breaking down dielectric barriers within the chip. This damage is irreparable; 100% of chips in the wild are irreparably damaging themselves over time.

    Even if Intel can slow the bleeding with microcode, they can’t repair the damage, and every chip that has ever run under the bad code will have a measurably shorter lifespan. For the average gamer, that sometimes hasn’t even been the average warranty period.



  • I actually had one of these myself. I worked at a college help desk as a student, and I got a call and the guy said “every time I flush the toilet, Xbox live disconnects”

    My first thought was that it was a joke, the absurdity of the thing right? I unironically asked if I was being pranked, and he said he knew we wouldn’t believe him so he made a video. Sure enough, he walks into the bathroom, flushes the toilet, and like 5s later his Xbox shows a disconnection message on the TV.

    Absolutely dumbfounded, I sent the networking guys up to his room, and like all of these stories, it does have a reasonable explanation. They ran the xbox’s Ethernet cable under a rug that was in front of the bathroom. Every time someone went to the bathroom, they would step on the cable, and the Xbox would disconnect. The timeout was 30s or so, just long enough that they’d pee or flush the toilet or whatever before they noticed the disconnection.