I thought I was told just a year or two ago it was supposed to be the future of manufacturing.

It is highly unlikely that you have malware sophisticated enough to do something like compromise installation media (already exceedingly rare) yet not sophisticated enough to bypass secure boot.

The purpose of secure boot is to verify that the boot loader and kernel are approved by the manufacturer (or friends of such). There are certainly ways to inject software into a system that doesn’t reside in those locations. It just makes boot sector viruses and kernel mode rootkits slightly more technically challenging to write when you can’t simply modify those parts of the operating system directly. If malware gets root on your installation it’s game over whether or not you have secure boot enabled. Much of the software on a computer is none of those things protected by secure boot.

Plus, take another wager: most systems today ship with secure boot enabled. If you were a malware author, would you still be writing malware that needs secure boot turned off to run? Of course not! You would focus on the most common system you can to maximize impact. Thus, boot sector viruses are mostly lost to time. Malware authors moved on.

Overall, it’s a pretty inconsequential feature born of good intentions but practically speaking malware still exists in spite of it. It’s unlikely to matter to any malware you would find in the wild today. Secure boot keys get leaked. You can still get malware in your applications. Some malware even brings its own vulnerable drivers to punch into the kernel anyway and laugh in the face of your secure boot mitigation. The only thing secure boot can actually do when it works is to ensure that on the disk the boot loader and kernel look legit. I guess it kind of helps in theory.

This is good advice in general. Think of it like penetration testing. You really should verify what you can actually access remotely on a device and not assume you have any level of protection until you’ve tried it.

Log files can also contain signs of attack like password guessing. You should review these on a regular basis.

That’s a tough nut to crack. Even as a video game platform, they don’t write most of the software that they sell today. They would need to find some way to convince developers to write software for something that’s not the platform nearly all users are running.

I’m not sure that Microsoft ever did halt going down that path. My wife recently bought a PC that came locked down by default and required some fiddling to allow running unsigned apps. This was Windows 10, not sure about 11.

I think it could be more that broad compatibility with everything is their main selling point, and by doing so they were undermining their own ecosystem.

However, this is mere speculation on my part.

Valve is a Titan doing incredible work for the open source community and making money while doing so.

Successful open source software business model at work. Way to go.

Loads of complex code exposed to an assumed trusted network is the model of printers. They’re going to be full of security issues.

This stuff should be sandboxed and then never, ever exposed to the Internet.

Entirely personal recommendation, take it or leave it: I’ve seen and attacked enough of this codebase to remove any CUPS service, binary and library from any of my systems and never again use a UNIX system to print. I’m also removing every zeroconf / avahi / bonjour listener. You might consider doing the same.

Great advice. It would appear these developers don’t take security seriously.

1. Don’t post your information. It will always be distributed, compiled, and sold no matter how well you think you’ve locked it down. Preventing information flow on the Internet is virtually impossible. If you post it, it’s out there forever. You have to believe this.
2. All photos are public. If you take a picture and it ever touches the Internet, you have to assume that photo is out there forever. To be safe, never take photos of anything sensitive such as the front of your house, your driver’s license, or your passport.
3. If a service is free, you are the product, usually in the form of your data. Never forget every business seeks a profit.
4. Review your privacy settings regularly. This can help reduce your exposure, but you should still never share sensitive information.
5. Carefully scrutinize all requests. Don’t take requests for your information lightly. Take your time, and any attempts to rush you is a glaring red flag that you’re dealing with a scammer. Do business physically where possible, such as in person at your actual bank instead of over the phone where you could be speaking to anybody.
6. Foster a humble ego. This makes you harder to exploit by scammers, and it means you’ll spend less time talking about yourself and risking accidental over-sharing. Recognize that most people don’t need to know and don’t care about you.
7. Foster independence. The cloud is just someone else’s computer that you don’t control. Manage your own information and keep it local to your devices.

Privacy is a process not a destination, but I think these ideas will help you get started. You need to use your brain. Privacy comes from being a private person, maintaining control of your information and your business.

There can only be one true corporation and you will pay infinite money for every one of its products.

Just downloaded it now with flatpak. I’m pleased that it looks and feels pretty much the same. Just more to the point. Exactly what I want.

Important embedded link from Tor about the attack and actions going forward:

https://blog.torproject.org/tor-is-still-safe/

👏👏 nicely done! Bravo!

My IP is in this photo and I don’t like it.

It’s very impressive that they got such a modern process up and running in such a relatively short period of time. I understand the Arizona location is relatively new.

The number of comments is inversely proportional to the size of the pull request.

Paywall?

Woof. I forgot that used to be a thing. I’m pretty sure I had a phonebook those days.

So far we’re doing a great job at keeping profits out of the equation. Let’s see if it lasts.

With community visibility, there is plenty of room to form these communities that regular people can’t access for those who want that.

I can imagine an instance with a whole collection of insider communities. In fact, it’s already happened.