I was talking less install a bootkit and giving it back to be and more just straight-up stealing the laptop and seeing if they can get any personal info they can sell before formatting it and eBaying it.
Still, your points are totally valid.
data1701d
joined 2 years ago
The password thing is pretty based, honestly. What you say is probably not possible, as the NT kernel would have to support LUKS, I'm pretty sure, which it doesn't.
Precisely. I just use probably as a catch all.
It really shouldn't matter. I know what they're talking about and it's true.
It's not malicious or "ransomware", and this is perfectly normal, default behavior for most devices - both macOS and Windows implement full disk encryption in a default install these days, and your key is almost always in your Microsoft Account on the Microsoft website. While Microsoft does a lot of crap wrong, in this case, Windows's failure to decrypt under GRUB is security features actually kind of doing their job. Basically, trying to boot Windows through GRUB confuses the TPM, causing it to not want to give the keys in case the Windows boot partition has been tampered with by bad actors. Thus, you have to boot directly through Windows Boot Manager, not GRUB
Also, secure boot and TPM aren't just some conspiracy by Microsoft to block Linux; they are attempts at implementing legitimately necessary security features. Full disk encryption supported by correctly implemented secure boot and an encryption chip are essential to having modern security. Linux is not blocked by TPM and Secure Boot; it is certainly possible for Linux distributions to take advantage of them to enhance their own security. I have implemented automatic LUKS full disk encryption that similarly fails to unlock if the partition has been tampered with on my Debian install. In theory, they can actually be used to help improve your security.
That is not to say I think TPM and secure boot are good, though. The really obnoxious thing about secure boot is that all the certificates are controlled by Microsoft rather than a standards body or a group of certificate authorities. While so far, Microsoft has kept it relatively open by providing the third party CA and the shim binary in order to avoid having its neck snapped by the FTC, considering the current administration, we don't know how much longer they'll keep it up, and they could actualize the much-feared blocking of Linux.
The other big problem with TPMs and secure boot is that often, there are so many different implementations and frequently major security flaws in their implementations that weaken their protection. A typical petty thief stealing your laptop still probably won't be able to decrypt your drive, but a nation state can probably find a way. It doesn't help that Windows doesn't encrypt communication between the CPU and the TPM (luckily, the Linux kernel does that by default). Despite these issues, I'd say TPM and Secure Boot is better than nothing for most devices; not using them (EDIT: or a non-M$-controlled alternative, like a memorized drive password AND/OR FIDO keys, which may be better) at least in part means your device is more vulnerable to physical access and bootkit attacks than even most Windows laptops, and they are often the only tools at your defense
EDIT: An addendum: Now the really smart thing I've heard people do is to keep the boot partition on a flash drive (possibly with a keypad or biometrics) that you keep with you at all times.
I'm agreeing with other people; there's probably a drive issue that the shop didn't catch.
On my machine, those two services that take 30 seconds for you do not take nearly that long for me. dev-mapper-DebianVolume\x2dDebianMain.device (which is equivalent to dev-mapper-data\x2droot.device; our drives are just called different things) only takes 1.074 seconds for me, while lvm2-monitor.service only takes 357 milliseconds.
I've only ever seen Linux boots take this long when either a drive failed or I accidentally formatted a drive that's in my fstab, causing it to fail to mount and eventually landing me in a recovery shell. At that point, I'd either use the recovery shell or a USB to edit the fstab.
Next time you boot in, check to see if all your drives are showing up, check disk health, etcetera. Also, although this likely won't solve the problem, check that your drive connections are well-seated.
Depending on how your system is set up, DRI_PRIME might use a different number. Generally, you check with glxinfo.
This is a relatively new CPU. You might struggle on Ubuntu as well. As much as I love Debian, something like Fedora might be better.
It may be possible to get Debian running, though - either run Debian Testing or install a Backports kernel and Mesa. Were you failing to boot Debian, or did you just struggle after getting it installed?
Either way, I just don't recommend Ubuntu.
A suggestion: if you can't find anything else for them, keep them around as parts machines.
There should still be useful components in them. For instance, a lot of the Wi-Fi modems may still be perfectly good for other things as long as they're mini-PCIE (I don't know if they use those in desktops). They may not be the absolute newest standard, but should still do the trick; it certainly came in handy when my sister's laptop's Wi-Fi modem decided to be a brat - I just swapped in an Intel modem from a laptop from 2016.
I might not fully trust the SSDs or the HDDs, but they can still have their uses. There's one SSD from an old desktop that I currently have hooked up to my Wii U.
From what I can tell, people have supposedly run LLMs on it with not great, but not necessarily horrible results; Certainly has to be better than those clickbait posts about people running llama on Windows 98.
A lot of budget desktops from the past decade can at least match, if not significantly outclass a Raspberry Pi 5. Heck, that barely beats my i5 from 2009, and the performance of CPUs has increased significantly since then.
Then again, I'm not particular interested in gen ML, self-hosted or not, so I don't really care.
Although seem to have solved your main issue, I have a few comments on your Steam Run command.
For one, I think VK_DRIVER_FILES=/usr/share/vulkan/icd.d/nvidia_icd.x86_64.json and your prime-run command are redundant - both of those will do the same thing. Personally, I use neither of those and instead do something like DRI_PRIME=1 %command% (obviously not this exactly always, as there might be other flags, but roughly the idea).
In general, I’d just recommend seeing which of these command flags you really need, because I see people in ProtonDB getting away with much simpler launch commands.
179
Half of these exist because I was bored once.
The Windows 10 and MacOS ones are GPU passthrough enabled and what I occasionally use if I have to use a Windows or Mac application. Windows 7 is also GPU enabled, but is more a nostalgia thing than anything.
I think my PopOS VM was originally installed for fun, but I used it along with my Arch Linux, Debian 12 and Testing (I run Testing on host, but I wanted a fresh environment and was too lazy to spin up a Docker or chroot), Ubuntu 23.10 and Fedora to test various software builds and bugs, as I don't like touching normal Ubuntu unless I must.
The Windows Server 2022 one is one I recently spun up to mess with Windows Docker Containers (I have to port an app to Windows, and was looking at that for CI). That all become moot when I found out Github's CI doesn't support Windows Docker containers despite supporting Windows runners (The organization I'm doing it for uses Github, so I have to use it).
Another update: https://startrek.website/post/13283869 I found a fix for my issue. I'm annoyed that I had it in the first place, but I overall still like my laptop.
Important update in this post: https://startrek.website/post/14075369 I still consider this a good laptop, but this is an important fix if you're using this on Debian 12. When 13 comes out next year, the out-of-box support of this laptop should be basically perfect.
Anyhow, back to the original post: I recently got a brand new laptop, a Thinkpad 21JT001PUS, to consolidate/replace my array of various on-the-go-Linux devices, and I have to say, I'm impressed. I know Thinkpad and Linux aren't news, but for such a recent device, I am surprised how well it works. The price wasn't bad (which makes up for the fact that it's a Zen 3 chip with DDR4, in my opinion), it has good upgradability (I'll touch a bit on my experience later), and hardware support was really good.
I initially tested hardware support with Debian Testing Trixie XFCE (as that was the Live USB I happened to have on hand, since I often test devices and also keep it around as a backup for my desktop, which runs Testing). At first I couldn't get it to boot, but then I found the BIOS setting to enable non-Microsoft certificates. After that, I booted in and found everything worked out of the box (except the fingerprint sensor, of course, but that's extremely rare for any laptop anyway). However, after experience with my previous portable devices, I learned I prefer stable distributions on those, as during some parts of the year, I can go months without opening the laptop.
Thus, I retested with Bookworm. Almost everything worked still, except for the Wi-Fi (which seems to have been introduced in later kernel versions). Luckily, this thing has an ethernet port (From which it is HECK to remove cables - I've found I had to twist the end up a bit to get it out), so I was able to do an install and then add the Backports kernel to get Wi-Fi working.
One minor issue I had (a software fault rather than a hardware/kernel one) was Bluetooth headphones, but as it turned out, it was just that PulseAudio was installed instead of Pipewire, so after switching, it worked flawlessly with Blueman).
As for battery life, so far it seems okay (as I write this, it says 3:29 left at 51%), but I haven't rigorously tested it yet (though I threw on the usual tlp and stuff like that for good measure).
For performance, I once again haven't tested it too rigorously, but I did play some Civ VI, which it was keeping up with just fine.
The upgrabability of this laptop does have one caveat, though. The bottom is a bother to remove, and most Youtube crap conveniently glosses over them. For one, some of the screws would get loose but not come out all the way. I eventually found the trick was to throw some pry tool under the screw head to hold it up so I could get it the rest of the way out. After they were all out, the bottom cover STILL wouldn't budge. This too ended up being a matter of jamming a pick in one corner of the case and running another one to slowly pry up the bottom case on all sides. I lost a plastic tab or two in the process, but that doesn't show up on the outside, and I think 24 GB of RAM (and 2 TB of NVME 2280 storage + 256 GB, the Windows drive that I left in the 2242 bay) will be plenty for a long time.
Overall, I would say this is a great laptop for those who don't want to go the route of purchasing a used laptop for Linux. I'll say an 8.5 out of 10 due to the hard-to-remove bottom cover and weird ethernet port (Update: 8 out of 10 now due to the nasty Wi-Fi bug I had to fix with a few module options, see posts linked in top of page).
Here's the Linux Hardware probe: https://linux-hardware.org/?probe=1e50fb1862
view more: next ›
xkcd 1085: