j4k3

joined 2 years ago
[–] j4k3@lemmy.world 3 points 2 months ago

I have never used or cared about this W11. It has never seen the internet. I only keep it around for my keyboard's RGB controller app if I ever need it. So I have no clue if this is everything or whatnot, but that is a screenshot of my access to the windows file system from within the file manager of Fedora. That is a dual boot partition. Fedora is particularly good at coexisting with a dual boot partition.

[–] j4k3@lemmy.world 2 points 2 months ago* (last edited 2 months ago)

Just be aware that W11 is secure boot only. There is a lot of ambiguous nonsense about this subject by people that lack a fundamental understanding of secure boot. Secure Boot is not supported by Linux at all. It is part of systems distros build outside of the kernel. These are different for various distros. Fedora does it best IMO, but Ubuntu has an advanced system too. Gentoo has tutorial information about how to set up the system properly yourself.

The US government also has a handy PDF about setting up secure boot properly. This subject is somewhat complicated by the fact the UEFI bootloader graphical interface standard is only a reference implementation, with no guarantee that it is fully implemented (especially the case in consumer grade hardware). Last I checked, Gentoo has the only tutorial guide about how to use an application called Keytool to boot directly into the UEFI system, bypassing the GUI implemented on your hardware, and where you are able to set your own keys manually.

If you choose to try this, some guides will suggest using a better encryption key than the default. The worst that can happen is that the new keys will get rejected and a default will be refreshed. It may seem like your system does not support custom keys. Be sure to try again with the default for UEFI in your bootloader GUI implementation. If it still does not work, you must use Keytool.

The TPM module is a small physical hardware chip. Inside there is a register that has a secret hardware encryption key hard coded. This secret key is never accessible in software. Instead, this key is used to encrypt new keys, and hash against those keys to verify that whatever software package is untampered with, and to decrypt information outside of the rest of the system using Direct Memory Access (DMA), as in DRAM/system memory. This effectively means some piece of software is able to create secure connections to the outside world using encrypted communications that cannot be read by anything else running on your system.

As a more tangible example, Google Pixel phones are the only ones with a TPM chip. This TPM chip is how and why Graphene OS exists. They leverage the TPM chip to encrypt the device operating system that can be verified, and they create the secure encrypted communication path to manage Over The Air software updates automatically.

There are multiple Keys in your UEFI bootloader on your computer. The main key is by the hardware manufacturer. Anyone with this key is able to change all software from UEFI down in your device. These occasionally get leaked or compromised too, and often the issue is never resolved. It is up to you to monitor and update... - as insane as it sounds.

The next level key below is the package key for an operating system. It cannot alter UEFI software, but does control anything that boots after. This is typically where the Microsoft key is the default. It means they effectively control what operating system boots. Microsoft has issued what are called shim keys to Ubuntu and Fedora. Last I heard, these keys expired in October 2025 and had to be refreshed or may not have been reissued by M$. This shim was like a pass for these two distros to work under the M$ PKey. In other words, vanilla Ubuntu and Fedora Workstation could just work with Secure Boot enabled.

All issues in this space have nothing to do with where you put the operating systems on your drives. Stating nonsense about dual booting a partition is the stupid ambiguous misinformation that causes all of the problems. It is irrelevant where the operating systems are placed. Your specific bootloader implementation may be optimised to boot faster by jumping into the first one it finds. That is not the correct way for secure boot to work. It is supposed to check for any bootable code and delete anything without a signed encryption key. People that do not understand this system are playing a game of Russian Roulette. Their one drive may get registered first in UEFI 99% of the time due to physical hardware PCB design and layout. That one time some random power quality issue shows up due to a power transient or whatnot, suddenly their OS boot entry is deleted.

The main key, and package keys are the encryption key owners of your hardware. People can literally use these to log into your machine if they have access to these keys. They can install or remove software from this interface. You have the right to take ownership of your machine by setting these yourself. You can set the main key, then you can use the Microsoft system online to get a new package key to run W10 w/SB or W11. You can sign any distro or other bootable code with your main key. Other than the issue of one of the default keys from the manufacturer or Microsoft getting compromised, I think the only vulnerabilities that secure boot protects against are physical access based attacks in terms of 3rd party issues. The system places a lot of trust in the manufacturer and Microsoft, and they are the owners of the hardware that are able to lock you out of, surveil, or theoretically exploit you with stalkerware. In practice, these connections are still using DNS on your network. If you have not disabled or blocked ECH like cloudflare-ech.com, I believe it is possible for a server to make an ECH connection and then create a side channel connection that would not show up on your network at all. Theoretically, I believe Microsoft could use their PKey on your hardware to connect to your hardware through ECH after your machine connects to any of their infrastructure.

Then the TPM chip becomes insidious and has the potential to create a surveillance state, as it can be used to further encrypt communications. The underlying hardware in all modern computers has another secret operating system too, so it does not need to cross your machine. For Intel, this system is called the Management Engine. In AMD it is the Platform Security Processor. In ARM it is called TrustZone.

Anyways, all of that is why the Linux kernel does not directly support secure boot, the broader machinery, and the abstracted broader implications of why it matters.

I have a dual boot w11 partition on the same drive with secure boot and have had this for the last 2 years without ever having an issue. It is practically required to do this if you want to run CUDA stuff. I recommend owning your own hardware whenever possible.
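Added example, not part of the comment above: on Linux, efivarfs exposes the firmware's Secure Boot state, which is worth checking before and after enrolling your own keys. The sketch decodes the standard UEFI `SecureBoot` and `SetupMode` variables; the function names, the state labels and the sample bytes are constructed for this illustration.

```python
import struct
from pathlib import Path

# GUID of the EFI global variable namespace defined by the UEFI specification.
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")


def parse_efivar(raw: bytes) -> tuple[int, bytes]:
    """An efivarfs file is a 4-byte little-endian attribute mask, then the data."""
    if len(raw) < 4:
        raise ValueError("efivarfs entry shorter than its 4-byte attribute header")
    (attrs,) = struct.unpack_from("<I", raw)
    return attrs, raw[4:]


def parse_flag(raw: bytes) -> bool:
    """SecureBoot and SetupMode each carry a single data byte holding 0 or 1."""
    _, data = parse_efivar(raw)
    if len(data) != 1 or data[0] not in (0, 1):
        raise ValueError(f"unexpected flag payload: {data!r}")
    return data[0] == 1


def classify(secure_boot_raw: bytes, setup_mode_raw: bytes) -> str:
    """Map the two flags to a state label (labels are this example's own)."""
    secure_boot = parse_flag(secure_boot_raw)
    setup_mode = parse_flag(setup_mode_raw)
    if setup_mode and secure_boot:
        return "inconsistent"   # firmware should never report both
    if setup_mode:
        return "setup-mode"     # no Platform Key enrolled; keys can be enrolled
    return "enforcing" if secure_boot else "not-enforcing"


def read_state(root: Path = EFIVARS):
    """Classify the running machine; None if the variables are not exposed."""
    paths = [root / f"{name}-{EFI_GLOBAL_GUID}" for name in ("SecureBoot", "SetupMode")]
    if not all(p.is_file() for p in paths):
        return None  # legacy BIOS boot, or efivarfs not mounted
    return classify(*(p.read_bytes() for p in paths))


# Constructed samples: attribute mask 0x6 (boot-service + runtime access), one data byte.
SAMPLE_FLAG_ON = bytes.fromhex("0600000001")
SAMPLE_FLAG_OFF = bytes.fromhex("0600000000")

if __name__ == "__main__":
    print("sample, keys enrolled and enforced:", classify(SAMPLE_FLAG_ON, SAMPLE_FLAG_OFF))
    print("sample, ready for key enrolment:  ", classify(SAMPLE_FLAG_OFF, SAMPLE_FLAG_ON))
    print("this machine:", read_state())
```

A machine that reports `setup-mode` after a key change has no Platform Key enrolled and is not enforcing signatures.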

[–] j4k3@lemmy.world 11 points 2 months ago (2 children)

Any UEFI secure boot enabled distro will remove all boot entries without a valid package key or a shim to a valid key.

Glad you got it working.

[–] j4k3@lemmy.world 17 points 2 months ago (2 children)

Anon, tell us about 1960 again.

[–] j4k3@lemmy.world 1 points 3 months ago

Not in terms of kernel supported encodings and long term kernel support, from what I have seen. I have not looked into this in depth. However, looking at git repo merged pulls, issues raised, and the lack of any consistent hardware commitments or consensus, implies to me that the hardware is very unstable in the long term. When I see any hardware with mostly only base Debian support, it screams that the hardware is on an orphaned kernel and will likely never get to mainline. The same applies to Arch to a lesser degree. Debian has the primary tool chain for bootstrapping and hardware hacking. When it is the primary option supported, I consider the hardware insecure and unsafe to connect to the internet. I've seen a few instances where people are talking about the limited forms of encoding support and the incomplete nature of those that do exist. It is far more important to have hardware that will be supported with mainline kernel security updates and is compatible with the majority of encodings. It would be terrible to find out the thing could not support common audio or video codecs. IIRC there was an issue along these lines with the RISC-V PineTab.

I know the primary goto for RISC-V is SiFive, but I have not seen a goto LTS processor from them in terms of third party consistent use.

Plus, while more open is mor betterer, RISC-V is not foolproof from a proprietary blob either. The ISA addresses the monopolistic tyranny and extortion of players like Intel, but there is nothing preventing the inclusion of 3rd party proprietary module blocks. The entire point is to create an open market for the sale and inclusion of IP blocks that are compatible with an open standard. Nothing about these blocks is required to be open. I don't know if such a thing could be set to a negative ring more privileged than the kernel, but I expect this to be the case.

[–] j4k3@lemmy.world 0 points 3 months ago

Most people's routers are already up 24/7.

We should be able to do our own DNS. Who cares if it is on the wider clearweb. You are paying for an IP address with your internet connection. If you are running a server with verified hardware and signed code, all we need is a half dozen nodes mirroring our own DNS. There must be a backup proxy for the few terrible providers that cause issues with IP. The addresses are not static, but they do not change very often. At worst, you hit a manual button to reset or wait 10 minutes before the DNS updates.

[–] j4k3@lemmy.world 1 points 3 months ago (1 children)

Rπ is proprietary. You really need a hard drive for storage. The point is a TPM based encryption with no user configuration or worry about securing the thing. It just works with no excuses.

[–] j4k3@lemmy.world 0 points 3 months ago (4 children)

It is not about the people that already host. It is about enabling many more by giving them an option to buy a path of least resistance. In exchange, it creates a potential revenue source in a completely untapped demographic. The subscription/donations demographic is like a very unique and niche market. The vast majority of people do not exist within that space. Most people do not have the financial stability to engage like this. It is not that they are unable to accumulate adequate funds, it is that their pay fluctuates over time and their baseline constraints are far more stressful than spending from times of surplus and opportunity. Catering only to those with such surplus and gatekeeping the complexity of self hosting is massively limiting adoption.

The rule in managing a chain of retail stores is that, no matter how you select products to stock in stores, it is impossible to only select products that will all sell on one platform. How you manage the overburden always determines your long term success. You must employ other platforms and demographics to prioritize the mobility of cash flow.

Similarly but inverted, this place has a slice of all demographics. Efforts tailored to the various subsets should tap entirely new potential. A fool imagines they can convert the unstable poor*'r* into a reliable stable income source via donations. Someone like myself has means but not a situation that is compatible. If I have some tangible thing to purchase, I can make that happen. I do not have any subscriptions in life for anything at all. Heck, I won't even shop on any of my devices I use regularly because I only buy what I intend to go looking to purchase with intent. That is not common, but what is common are spontaneous people that need time to align their finances with their desires. That person is likely to dread paying $5 every month compared to $250 in May when they get a couple thousand dollars on a tax return. Expecting the public to float the stability is stupid. That is not how the real world works. Real businesses always float the overhead. I'm talking about how to free the masses to self host everything for the cost of a nice router spent once with no techno leet filter.

 

We need a system like a RockChip processor based single board computer, paired with a trusted protection module, and all fediverse services prepackaged for minimal user input required to self host any fediverse services. All updates should be safely installed over the air via the TPM chip based encryption just like with Graphene OS. All of the necessary connections should be preconfigured to punch a hole for the port into the internet. The hardware should be completely locked down with an immutable base system and SELinux fully configured. There shouldn't be any accommodations for obscure edge cases outside of the base configuration. It should not require any further payment or services.

A RockChip RK3588 is fully documented with a 3k3 page long full datasheet. As I understand it, this chip is open hardware, though it still has the ARM proprietary blob (TrustZone), similar to the x86_64 Intel Management Engine, and AMD Platform Security Processor. I have not heard of a similar system present in RISC-V processors, but I also have not seen RISC-V SBCs that are more than alpha prototype dev kits. Unlike other single board computers, the RK series has the documentation required for community based Linux kernel support. No one could pull kernel support that they are the only ones providing using a proprietary datasheet.

There are many RK3588 single board computers available for around $100 already. As a back of the napkin quality idea using baseless imaginary statistics, I bet we could get around 3-5% of regular users to purchase hardware within a year if it was within a $250 price point. This should be set up for one click image and video hosting, threadiverse, mastodon, file sharing, git, blogging, etc.

This is way outside of the scope of a project I am qualified to manage; I am no real developer, just a sloppy hacker type. I'd volunteer to do a hardware design, or at least the bulk of the tedium for someone more experienced with production stuff to review. I would not mind playing the glue between those that have more limited time. If LW has 6k plus active daily users, and 3-5% of these purchased the hardware, the rough margins are nowhere near a viable business. Still, something in the back of my head says the only thing actually impeding internet freedom with the fediverse is the challenge of self hosting, and this is like the issue that Android addressed with mobile hardware. If people could one-time purchase the hardware, and only pay for their regular internet connection, I think they would buy straightforward honest open hardware they fully own.

I don't know if it is possible, or if the fediverse projects would participate in some kind of automatically updated end point. This was just a fantasy shower thought that I have been mulling over all day. It addresses all of my personal hesitations and insecurities about self hosting, and is simple enough I can imagine my techno illiterate family giving it a try. It is the kind of project I would like to be a part of.

 

I stopped using piefed a week ago when I got a message some random quack banned my account in some community I had never engaged with, but I could not figure out who did it or where it happened. Any lack of modlog accountability for mods and admin with full transparency is an absolute no-go for me.

Maybe I am just dumb and not seeing where to find these. I only use the web browser front end.

 
 

Model knows its cars surprisingly well.

 

Call it something like greentext or confessions or something. Anyone posting is automatically set to Anonymous with no link whatsoever to the original account for admin or users to track or in the logs/activity pub etc. Like the person will not get replies, notifications on their account for the post, or the ability to reply as Anon. Simply streamline creation of a throw away account using the existing credentials of an existing account for post access and to give automod a chance to act. Maybe bar new accounts or below a certain threshold of engagement.

 

Or is there maybe a way to set the pager for all help related queries to some command? I'm using bat and would like to pipe all --help through | bat --language=help by default for the syntax highlighting and colored output... Or if you know a lower effort way to color the output of --help let me know.

 

https://www.youtube.com/watch?v=U4a_kJkVUis

Big Clive's video description:

This is not a sponsored video.  I feel it's important that people should know about this evolving technology, and Naomi is working on making it affordable.

During the pandemic YouTuber Naomi Wu presented plans for traditional mercury vapour based UVC sterilising lights with a special housing, to sterilise air in a room without exposing the occupants to the 254nm UVC light.

With the evolution and availability of the new era 222nm excimer lamps, Naomi has gone on to design a full product designed to be easy and convenient to deploy in populated areas like medical practices, waiting rooms, retail environments, food preparation areas and live events.

The special feature of the 222nm wavelength is that it is long enough to deactivate viral and bacterial air contaminants, but short enough not to pass through the outer layer of dead skin or the tear-layer of humans.  That means that it is currently considered safe to use in occupied areas.

The filter on the front of the light seems to specifically pass 222nm.  Without it there is a very slight hump in the spectral output at around 237nm.  The filter attenuates that completely.

Excimer is an abbreviation of Excited-Dimer, where a dimer is the joining of two molecules.  In the case of the excimer lamps the molecules are encouraged to bond temporarily in a plasma discharge, and when they revert back to their non-excited state they emit a photon of light at a specific wavelength determined by the chemistry.  In this case it's molecules of Krypton and Chlorine that form brief molecules of Krypton-Chloride (KrCl), before reverting back and emitting 222nm photons in the process.

The process of creating the plasma is very similar to dielectric barrier ozone generators.  By coupling to the gasses capacitively the lamp also avoids contaminating the gasses with the electrode materials.

Note that the unit uses 500mA at 12V (6W) but has a generously rated 12W power supply that runs cool.

This technology looks like it may be valuable in medical, care, travel or social environments to limit the spread of pathogens.

Here's a link to Naomi's pleasingly-named online shop:- https://cybernightmarket.com/products

 
 

I've been watching some One Marc Fifty stuff on YouTube. I can follow him well, and I'm decent at much of the hardware stuff. At least I can compile OpenWRT or do a basic Gentoo install with a custom kernel. I dread staring at NFTables, but can hack around some. I don't fully understand networking from the abstract fundamentals. Are there any good sources that break down the subject like Ben Eater did with the 8 bit bread board computer, showing all the basic logic, buses, and registers surrounding the Arithmetic Logic Unit? I'm largely looking for a more fundamental perspective on what are the core components of the stack and what elements are limited to niche applications.

I just realized I want to use self signed client certificates between devices. It was one of those moments where I feel dumb for the limited scope of my knowledge about the scale of various problems and solutions.

 

I've made the effort to secure mine and am aware of how the trusted protection module works with keys, Fedora's Anaconda system, the shim, etc. I've seen where some here have mentioned they do not care or enable secure boot. Out of open minded curiosity for questioning my biases, I would like to know if there is anything I've overlooked or never heard of. Are you hashing and reflashing with a CH341/Rπ/etc, or is there some other strategy like super serious network isolation?

65
submitted 2 years ago* (last edited 2 years ago) by j4k3@lemmy.world to c/linux@lemmy.ml
 

My old man has a bunch of .dox stuff saved. He has complicated large files saved that are not supported by any of the FOSS conversion tools. I've tried LibreOffice, AbiWord, and every command line tool and converter I can find. These are entire book sized files.

I have a W10 machine with Word. Is extracting the .exe and running it with wine feasible without making an epic mess or massive project of this?

 

This is something that perplexed me a few years ago with Flash Forth on a PIC18/PIC24/Arduino Uno. I was using the Python serial emulator S-Term because it is simple in the source code and worked. I really wanted a way to load more structured Words into the FF dictionary with bookmarks in a way that made sense structurally. That led to a desire to execute code from the uC on the host system, but I never wrapped my head around how to do this in practice.

As a random simple example, let's say I set up an interrupt based on the internal temperature sensor of the PIC18. Once triggered the uC must call a Python script on the host system and this script defines a new FF word on the uC by defining the Word in the interpreter.

How do you connect these dots to make this work at the simplest 'hello world' level? I tried modifying S-Term at one point, but I didn't get anywhere useful with my efforts.
