Skip Navigation

𞋴𝛂𝛋𝛆

@ j4k3 @lemmy.world

Posts
190
Comments
1831
Joined
2 yr. ago

  • Just be aware that W11 is secure boot only. There is a lot of ambiguous nonsense about this subject by people that lack a fundamental understanding of secure boot. Secure Boot, is not supported by Linux at all. It is part of systems distros build outside of the kernel. These are different for various distros. Fedora does it best IMO, but Ubuntu has an advanced system too. Gentoo has tutorial information about how to setup the system properly yourself.

    The US government also has a handy PDF about setting up secure boot properly. This subject is somewhat complicated by the fact the UEFI bootloader graphical interface standard is only a reference implementation, with no guarantee that it is fully implemented, (especially the case in consumer grade hardware). Last I checked, Gentoo has the only tutorial guide about how to use an application called Keytool to boot directly into the UEFI system, bypassing the GUI implemented on your hardware, and where you are able to set your own keys manually.

    If you choose to try this, some guides will suggest using a better encryption key than the default. The worst that can happen is that the new keys will get rejected and a default will be refreshed. It may seem like your system does not support custom keys. Be sure to try again with the default for UEFI in your bootloader GUI implementation. If it still does not work, you must use Keytool.

    The TPM module is a small physical hardware chip. Inside there is a register that has a secret hardware encryption key hard coded. This secret key is never accessible in software. Instead, this key is used to encrypt new keys, and hash against those keys to verify that whatever software package is untampered with, and to decrypt information outside of the rest of the system using Direct Memory Access (DMA), as in DRAM/system memory. This effectively means some piece of software is able to create secure connections to the outside world using encrypted communications that cannot be read by anything else running on your system.

    As a more tangible example, Google Pixel phones are the only ones with a TPM chip. This TPM chip is how and why Graphene OS exists. They leverage the TPM chip to encrypt the device operating system that can be verified, and they create the secure encrypted communication path to manage Over The Air software updates automatically.

    There are multiple Keys in your UEFI bootloader on your computer. The main key is by the hardware manufacturer. Anyone with this key is able to change all software from UEFI down in your device. These occasionally get leaked or compromised too, and often the issue is never resolved. It is up to you to monitor and update... - as insane as it sounds.

    The next level key below, is the package key for an operating system. It cannot alter UEFI software, but does control anything that boots after. This is typically where the Microsoft key is the default. It means they effectively control what operating system boots. Microsoft has issued what are called shim keys to Ubuntu and Fedora. Last I heard, these keys expired in October 2025 and had to be refreshed or may not have been reissued by M$. This shim was like a pass for these two distros to work under the M$ PKey. In other words, vanilla Ubuntu and Fedora Workstation could just work with Secure Boot enabled.

    All issues in this space have nothing to do with where you put the operating systems on your drives. Stating nonsense about dual booting a partition is the stupid ambiguous misinformation that causes all of the problems. It is irrelevant where the operating systems are placed. Your specific bootloader implementation may be optimised to boot faster by jumping into the first one it finds. That is not the correct way for secure boot to work. It is supposed to check for any bootable code and deplete anything without a signed encryption key. People that do not understand this system, are playing a game of Russian Roulette. There one drive may get registered first in UEFI 99% of the time due to physical hardware PCB design and layout. That one time some random power quality issue shows up due to a power transient or whatnot, suddenly their OS boot entry is deleted.

    The main key, and package keys are the encryption key owners of your hardware. People can literally use these to log into your machine if they have access to these keys. They can install or remove software from this interface. You have the right to take ownership of your machine by setting these yourself. You can set the main key, then you can use the Microsoft system online to get a new package key to run W10 w/SB or W11. You can sign any distro or other bootable code with your main key. Other than the issue of one of the default keys from the manufacturer or Microsoft getting compromised, I think the only vulnerabilities that secure boot protects against are physical access based attacks in terms of 3rd party issues. The system places a lot of trust in the manufacturer and Microsoft, and they are the owners of the hardware that are able to lock you out of, surveil, or theoretically exploit you with stalkerware. In practice, these connections are still using DNS on your network. If you have not disabled or blocked ECH like cloudflare-ech.com, I believe it is possible for a server to make an ECH connection and then create a side channel connection that would not show up on your network at all. Theoretically, I believe Microsoft could use their PKey on your hardware to connect to your hardware through ECH after your machine connects to any of their infrastructure.

    Then the TMP chip becomes insidious and has the potential to create a surveillance state, as it can be used to further encrypt communications. The underlying hardware in all modern computers has another secret operating system too, so it does not need to cross your machine. For Intel, this system is call the Management Engine. In AMD it is the Platform Security Processor. In ARM it is called TrustZone.

    Anyways, all of that is why it is why the Linux kernel does not directly support secure boot, the broader machinery, and the abstracted broader implications of why it matters.

    I have a dual boot w11 partition on the same drive with secure boot and have had this for the last 2 years without ever having an issue. It is practically required to do this if you want to run CUDA stuff. I recommend owning your own hardware whenever possible.

  • Any UEFI secure boot enabled distro will remove all boot entries without a valid package key or a shim to a valid key.

    Glad you got it working.

  • I am talking about something where there is no research done. No doctors exist in this space.

    It doesn't matter anyways. I found how the model's last layer of thinking defense gets around the issue. I can turn off most of alignment, but cannot actually fully control it totally unchecked.

  • You assume much, and are being an ass in my opinion. Believe it or not, science is not always well funded. If you happen to be curious and have the time, it is possible to explore scientifically or even casually within areas that are not well researched. It is possible to have logic skills even without credentials.

    We are not in some final state of technology. Anyone saying such nonsense lacks fundamental logic skills.

    I do not care about me. I do not have dogma. I'm not interested in recognition. I am willingly to explore in unique ways both artistically as a professional artist, and out of logical curiosity. I have the tools needed to check my results against a control using unrelated sources. The most recent paper on the subject is something I can recreate but explain far better than that paper.

    I could not care less what you ultimately think of me, or anything I say. What I care about is that you're a decent digital neighbor. To be physically disabled in near total social isolation, and have a place like this as my main interaction with other humans, it is a mean prejudice to have some random digital neighbor make such unsolicited malevolent statements assuming my personal motivations without a shred of evidence or decency to engage in questioning. You know absolutely nothing about me, yet you presume a great deal, putting words to my emotions as if you own me.

  • Sometimes the whole world does seem crazy. So I'm not liking my odds. Thanks for the rational advice.

  • What if you've got no credentials, but the flaw is so serious that it will not matter if known.

    This is a true hypothetical curiosity. I do not know anything of value. A bunch of people here like to call me crazy, and I've rambled on and on many times in ways that likely confirm their notions. A person like this is not likely to fair very well when operating well outside their social caste unless they already have hand holds on the rungs of the ladder above. Still, there are some rather surprising areas of technology without adequate fundamental research. Perhaps it is hypothetically better to have John Conner in the world of Cyberdyne. If someone had killed Apache early, the Internet would not be the same heaven of democracy, though that is not a very good intuitive scope of analogy. Just something to ponder if one were to be in such a situation.

  • All technology would instantly halt.

    The actual bond wires between the silicon pad and chip packaging for every chip with some kind of leads (feet) is actually an extremely thin thread of pure gold. It has to do with the super tiny size of the actual pads that are being bonded on the die, the robotics, the welding, and the physical properties of the wire connection.

  • K&R?

  • Nah, I think people that have critical thinking skills are not afraid of being wrong, aka their own curiosity and growth. The rest of the world wants simple dichotomous logic and is incapable of constructive engagement. They are simply too narcissistic to process abstract thinking and are looking for any excuse to rot in their dystopian existence.

  • Graduated pacman emerges... and we all know emerge is Gentoo. This one doesn't compile.

  • Ask Lemmy @lemmy.world

    What are the rules of popular content creators/creations?

  • Commodity housing is a crime against humanity.

  • None of them paid off a 50 year mortgage they couldn't even afford to start at 40 years old.

  • It helps to have modern elastics to make a riffle like spear gun. When under water, big fish are easy game. You'll see them easily in the ocean and reasonably well in large rivers and lakes too. With rivers and lakes you can just noodle with large catfish. If you reach into holes and cervices, catfish will bite your hand. It is more like sucking. You just pull them up, no tackle or equipment needed.

    Without modern elastics, any bow or torsion based energy storage system would work to make a crossbow like action. I could easily flake a rock to make a crude knife, and fashion something out of some sticks.

    I would probably struggle most with my chemistry using organics I find in nature. I know stuff like the best bows are recurved with composite wood. Ultimately, I am loosely aware of the innovations of Watts with the pressure regulation of a steam engine. I know how to make bloom iron. And I know the basics of indirect heating and atmospheric control of the Bessemer process. Additionally, I am aware that the key to lathe precision is a heavy base, and that a lathe screw lead is able to cut a more accurate lathe screw lead, and eventually achieve any machine precision desired. Prussian blue or any dye based pigment, is used with a special thick chisel to hand scrape metal flat. Magnetite is the primary ore for iron. Steel is all about precision control over the carbon content. Heating calcium carbonate is super handy. Boxite requires chemistry to get to the aluminum. High voltage arcs across electrodes in air will make nitric acid, but guano is the most accessible form of nitrates at smaller scales. Potatoes are the most important food source to scavenge.

    A general deep curiosity and willingness to explore are the key personality traits. I love learning at a fundamental level where I actually understand stuff. I am not all that bright, just a jack of all trades type person where I have a very broad set of skills and understanding of the world. I'm a swiss army knife – all the tools, but the world's shittiest scissors.

  • You did not understand the abstraction. I covered all of human history from hunter gatherer to modern.

  • It is easier to spear fish underwater. You do not have the refractive index of light to deal with.

  • Counterstrike with my friends at the cafe 20 years ago

  • I'm pretty good at hunting and gathering. Back before my broken neck and back, I was super into wanting to buy some remote place in the Appalachians and pseudo homestead. I have messed with many of the required skills. I wanted a place in the mountains with a year round creek for a water wheel, building a foundry and forge, along with a manual machine shop. I was into what I could do using junk from pick-a-part type junk yards. People often only think of parts for whatever low end car, but if you actually have a fundamental understanding of cars and the various technologies in different applications, a junk yard gives tremendous access to industrial technology for many types of machines and equipment. Junk yards are not setup for that kind of thing either. A little bit of flattery and flirting with a cashier goes a very long way when none of the collection of parts on your cart have legitimate prices on the menu.

    Even with my disability now, I could probably survive in the wild by trapping game and some minor gardening if the population was low enough and I was in a decent location compared to where/when I live now in the era of the 50 year mortgage fuckwit dystopia.

  • Some people have a more steady hand than others. Like I can do professional sign lettering, but it is super difficult and slow for me to do because I do not have very steady hands.

    I can paint stuff like candies (dye based paints that get infinitely darker with overlapping), and pearls, that are both shot basically blind by intuition and muscle memory, but I cannot see hand written lettering and what I want to project onto the page, in advance of actually drawing it. I'm more like a bushwhacker with a machete most of the time.

  • I tend to lack the patience to make mine nice. It requires a lot of focus. There must be a fundamental difference with people that have very nice natural handwriting. I'm curious what that might be and how others perceive themselves in that space.

    Even with graphics on cars and motorcycles I rough sketched in several light strokes before establishing a more solid line. I want to write in a similar way. I almost have a subconscious mindset like each letter should be a draft with revisions or something. I do not have a vision of how I want the letter to look so I just slop something down like a rough draft. Then it is functionally readable, and I can't easily refine it so I move on.

    Maybe it was that day in school when the teacher made me chose what hand to write with. It bugged me so much that neither hand was dominant and no matter how much the teacher insisted that I have a dominant hand, neither felt any different, so eventually she decided for me that I was right handed... and I still have not forgiven her.

    That is the moment in school when most of us selected our handedness. That is an impactful moment in life. In terms of competitive sports it may define your potential in many areas. It leads down this path of the psychology of writing.

  • Ask Lemmy @lemmy.world

    What is your meta thought process like when drawing your own handwriting?

  • Ask Lemmy @lemmy.world

    Got the ARRL handbook. Smells like a toxic dump site. Any fixes for new book smell of death?

  • Ask Lemmy @lemmy.world

    Do you know of any good reference projects to calculate sunrise and sunset times from NTP?

  • Ask Lemmy @lemmy.world

    How is it possible to access Arduino compiled code from another language like MicroPython or FORTH?

  • Ask Lemmy @lemmy.world

    What is on your end of the world data dump list?

  • Ask Lemmy @lemmy.world

    Radio wizards and witches, what is the deal with antenna for the ~7 MHz amateur band?

  • No Stupid Questions @lemmy.world

    What will the next age of innovative art culture create?

  • Ask Lemmy @lemmy.world

    For a 6502, what is the assembly convention for calling a 16 bit word into the accumulator from memory to increment as a variable?

  • Ask Lemmy @lemmy.world

    Who is the most super Chad of solo code projects and why?

  • Ask Lemmy @lemmy.world

    Do any of you know the RockChip SoCs well like the RK3388/RK3588?

  • Ask Lemmy @lemmy.world

    How do you work at a job where you fundamentally disagree with the company's ethics?

  • Ask Lemmy @lemmy.world

    Do you have self empathy?

  • You Should Know @lemmy.world

    YSK Lemvotes.org will show you votes on any post, comment, or by user, for anything on the fediverse

  • Showerthoughts @lemmy.world

    The time and expense of commuting is theft, if that job can be done from home.

  • Ask Lemmy @lemmy.world

    What is a word to replace "park?"

  • AI Generated Images @sh.itjust.works

    Darth ESD

  • You Should Know @lemmy.world

    No LUFS regulations are the reason you use subtitles to watch TV – Tom Scott YT (7:58)

  • Ask Lemmy @lemmy.world

    What are the unknowable traits of one's self?

  • Ask Lemmy @lemmy.world

    Is the expectation of an apology ultimately narcissistic?