  • Others are concerned about their durability…

    Unless I see reports about keys’ premature end of life I’d put that under FUD.

    Anyway as you did ask a few times about this I believe it’s important, and you might be aware of this so apologies if I sound condescending, to see keys as something NOT precious. Of course keys are important and they are not cheap… but also you might, in fact:

    • you probably will lose keys
    • you might get them stolen (typically by mistake, somebody taking your entire backpack)
    • you maybe could break them sitting on them (really tricky but OK, why not)
    • you might have some die of “old age” (I’ve never seen that but physical tear does happen, depends on your usage)

    … so what’s IMHO crucial is to have a backup. If you lose your 1 key and you are locked out of your stuff, this is terrible. If you lose your key but you have a backup in a well known to you and secure location, then you login, revoke the other one, move on. Maybe you lost 50 bucks but that’s much better than either being compromised or hours and hours lost in trying and failing to find back the 1 key.

    TL;DR: keys are important but not precious. If they are precious you are doing something wrong.

    Edit: also not for now but keys will inexorably deprecate. You might want post-quantum schemes and even though it is arguably not pressing at the moment maybe the hardware you currently have will not support this. So again, keys are important but should be disposable and replaceable.














  • utopiah@lemmy.ml to Linux@lemmy.ml: Antiviruses? (4 days ago)

    Thanks, it’s quite interesting but again IMHO it relies on bad practices. If you’ve been compromised and you “restore” (not in a sandboxed environment dedicated to study the threat) then you are asking for trouble. I’ll read a bit more in depth but the timeline I see, 1987, 1998, 2017, shows me this is a very very niche strategy, to the point that it’s basically irrelevant. Again it’s good to know of it, conceptually, but in practice proper backups (namely of data) remain in my eyes the best way to mitigate most problems, attacks and just bad luck (failing hardware, fire, etc) alike.


  • utopiah@lemmy.ml to Linux@lemmy.ml: Antiviruses? (4 days ago)

    12 years ago I took “Malicious Software and its Underground Economy: Two Sides to Every Story” and it was quite interesting not so much for the technical aspect (which was still nice) but for the economical aspect that is often underappreciated. The core idea was that scammers or hackers might be doing it for fun, as you did, or learning, as I did… but the ones who keep on doing it sustainably make money out of it, consequently they are predictable. Namely they need repeatable methods that scale or that target a specific group. I really recommend taking a similar class but anyway, the big picture here is sure, maybe AV would miss such things and yet it wouldn’t really matter because nearly nobody does that and/or it wouldn’t propagate much.


  • utopiah@lemmy.ml to Linux@lemmy.ml: Antiviruses? (4 days ago)

    That doesn’t make much sense to me, one backs up data, not executables or system. Even if they were to be saved in the backup then they wouldn’t get executed back.

    Anyway, that’s still conceptually interesting but it’s so very niche I’d be curious to hear where it’s being used, any reference to read on where those exist in the wild?



  • utopiah@lemmy.ml to Linux@lemmy.ml: Antiviruses? (4 days ago, edited)

    Nothing needs an antivirus if you back up your data properly.

    PS: I’m getting downvoted for this so I’ll explain a bit more: if you back up properly, you can restore your data. Sure your system is fucked… but who cares? In fact if you care for your OS installation then right away it shows you are NOT in a reliable state. You install another OS and start from there. Maybe it’s not even due to a virus, maybe your hardware burns in fire, same situation so IMHO a working backup (and by working I mean rolling, like TODAY it’s done without your intervention) then you restore. Also please don’t tell me about ransomware because even though it is a real threat, if you do your backups properly (as in not overwriting the old ones with the new ones) then you are still safe. It can be as basic as using rdiff-backup. It’s fundamental to understand the difference between what’s digital and what is not digital.
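
The "not overwriting the old ones with the new ones" property from the comment above, as an added example that is not part of the original comment and does not use rdiff-backup: it takes plain full copies into labelled snapshot directories. The function names, the `YYYYMMDDTHHMMSS` label format and the sample file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: versioned backups where a new run never overwrites an old one.
# Function names and the label format (YYYYMMDDTHHMMSS) are assumptions.

# snapshot SRC DEST LABEL: copy SRC to DEST/LABEL, refusing to overwrite.
snapshot() {
    src=$1; dest=$2; label=$3
    [ -d "$src" ] || { echo "no such source: $src" >&2; return 1; }
    mkdir -p "$dest" || return 1
    if [ -e "$dest/$label" ]; then
        echo "snapshot $label exists, refusing to overwrite" >&2
        return 1
    fi
    # Copy under a hidden name first so an interrupted run is never
    # mistaken for a complete snapshot; clear any leftover from such a run.
    rm -rf "$dest/.partial-$label"
    cp -Rp "$src" "$dest/.partial-$label" || return 1
    mv "$dest/.partial-$label" "$dest/$label"
}

# latest_before DEST CUTOFF: print the newest label strictly older than CUTOFF.
latest_before() {
    ls -1 "$1" | LC_ALL=C sort | awk -v c="$2" '
        ($0 "") < (c "") { last = $0 }
        END { if (last == "") exit 1; print last }'
}

# restore DEST LABEL TARGET: copy a snapshot into a TARGET that must not exist.
restore() {
    if [ ! -d "$1/$2" ] || [ -e "$3" ]; then return 1; fi
    cp -Rp "$1/$2" "$3"
}

# demo: constructed incident on throwaway files in a temp directory.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/data"
    echo "quarterly report v1" > "$work/data/report.txt"
    snapshot "$work/data" "$work/backups" 20240101T020000 || return 1
    # Files are damaged, and the next scheduled run backs up the damage.
    echo "ENCRYPTED" > "$work/data/report.txt"
    snapshot "$work/data" "$work/backups" 20240102T020000 || return 1
    # Restore the newest snapshot taken before the damage was noticed.
    good=$(latest_before "$work/backups" 20240101T120000) || return 1
    restore "$work/backups" "$good" "$work/restored" || return 1
    cat "$work/restored/report.txt"
    rm -rf "$work"
}
```

Calling `demo` prints the undamaged file content. The older snapshot only survives if the machine being backed up cannot modify or delete the snapshot directory itself.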


  • Still watching it but this shouldn’t be surprising.

    The whole point of US politics was to isolate China out of the “AI revolution” by depriving it of top-of-the-line chips.

    Meanwhile China has been building the entire world’s electronic ecosystem bar a few very specific high end components, leaving these to TSMC, ASML, etc or design mostly to the US.

    Even before tariffs and sale bans (due to dual use concerns) China already had a chip independence plan dating back from at least 2000. Since then close to the entire world moved production there, at least assembly, and most deals to do so included, or tried to include, IP transfer and at the very least learning with the partner, if not more but that’d be just speculation, to add industrial espionage on top (even though plenty of news on the topic).

    So… sure, it’s happening. Now the question though I asked on such threads countless times is basically: what’s the yield?

    Because producing 1 board to send to a tester is already an incredible feat but that doesn’t mean thousands or even millions can be produced. If they can, that also doesn’t mean they can be produced economically efficiently, regardless of subsidies.

    PS: most interesting book on the topic IMHO: https://en.wikipedia.org/wiki/Chip_War


  • It’s not just for Linux but:

    • there is an error message somewhere

    It’s fundamental because instead of saying “It doesn’t work!” and getting no useful help, people must think of it as an investigation (or whatever gets them going) looking for clues. Until you get the right message and can provide the right context (e.g. what computer are you using, what OS version, etc) then you get generic help which is like looking for a needle in a haystack. Sure it’s not entirely impossible if you are both lucky and patient but you are doing yourself and others a huge disservice.

    Before Linux maybe they were used to black boxes but here, nobody is intentionally trying to hide away anything from you!

    PS: bonus, notes are basically free. Jot down notes about anything and everything you are learning. Don’t just “use” a computer, LEARN how to use a computer.