| === DJOmnifrog is now known as Omnifrog | ||
| === eli-away is now known as elijah-mbp | ||
| elijah-mbp | ... i wish ubuntu et al would quit trying to reinvent things and just build a solid, reliable experience. | 15:57 |
|---|---|---|
| elijah-mbp | i have 20 years of linux experience and a bunch of the desktop shit is just fucking confusing. | 15:57 |
| elijah-mbp | i mean, i'm actively considering just running OLVWM again. from 1992/1993. just so my head doesn't hurt all the time. | 15:58 |
| wrst | ha ha elijah-mbp, have you tried xfce lately? | 16:01 |
| cyberanger | elijah-mbp: I'm with you, debian sid and openbox like I ran on lucid | 16:02 |
| wrst | nah, you two are just old farts that yell at the kids to get off your yard :P | 16:03 |
| cyberanger | actually that was further back, crunchbang running off of jaunty's repo's | 16:03 |
| cyberanger | ...and keep it down will ya, I'm trying to rock climb here | 16:03 |
| wrst | ha ha | 16:03 |
| wrst | I'm weird I really like Gnome3.10 they had been making me mad up until that point but I really like 3.10 | 16:04 |
| average_guy | I'm definately in the "old fart" camp | 16:36 |
| average_guy | things are changing a bit fast for me | 16:39 |
| elijah-mbp | haha | 16:45 |
| elijah-mbp | i like things to really slow down. | 16:46 |
| elijah-mbp | i actually didn't mind the gnome3 / 'unity' stuff all that much. it was just slower than i had hoped. | 16:46 |
| elijah-mbp | i really think that simple is better, and a bunch of the current features are... not doing what people need. | 16:46 |
| elijah-mbp | i mean, i fyou want to use a 10MB tiff as your wallpaper - go ahead, but it's going to be slow - but don't make everyone else do it. | 16:47 |
| wrst | I don't mind the lack of things being light weight so much, becuase most reasonably "new" hardware say last 5 years will run most things | 16:53 |
| cyberanger | but how much resources are you saving for other tasks | 16:56 |
| wrst | I have found especially with something like kde it can be fairly light as in no kwin compositing that type of thing | 16:58 |
| wrst | and then you have xfce, xlde etc too | 16:58 |
| cyberanger | true, and with virtualbox and a ram disc...I go overboard elsewhere, so openbox works | 17:00 |
| wrst | but all the developement towards the new user, I'm not really for sure if the new user really exist | 17:03 |
| wrst | as in the person that is computer illeterate moving to linux | 17:04 |
| cyberanger | well, are they moving to the windows 8 tiles, or OSX | 17:08 |
| netritious | cyberanger: they are all moving back to DOS | 17:36 |
| wrst | howdy netritious | 17:40 |
| wrst | cyberanger: I must say gnome is somewhat doing its own thing as much as any body does their own thing | 17:40 |
| cyberanger | netritious: lol, sad part is that might not be a joke | 17:55 |
| cyberanger | the way people have held onto XP | 17:56 |
| wrst | afternoon chris4585 | 18:33 |
| netritious | howdy wrst | 18:46 |
| wrst | how are you doing netritious? | 18:46 |
| netritious | cyberanger: compared to vista xp is da bomb lol | 18:47 |
| wrst | agreed ! | 18:47 |
| netritious | wrst: could always be worse, right? :) | 18:48 |
| wrst | yes so they tell me :) | 18:48 |
| wrst | netritious: I'm excited I have a nexus 7 tablet (old one from 2012) supposed to be in the mailbox when I get home | 18:48 |
| cyberanger | it could be ME | 18:49 |
| wrst | cyberanger: that's a sore subject I rushed out and bought that mess as soon as it was released :\ | 18:49 |
| netritious | ME was rebranded 98 with very few feature additions and quite a few feature removals | 18:50 |
| wrst | the installer crashed repeatedly on me... that should have been my first sign | 18:51 |
| cyberanger | and did not include a complementary bottle of advil | 18:51 |
| netritious | 2000 was very solid, much better than NT, 98, or ME IMHO...that year I switched to NTFS for primary partition lol | 18:51 |
| wrst | or a swear jar | 18:51 |
| average_guy | I have still never seen Vista. Only heard how much it sucked. Rocked ME though | 18:51 |
| netritious | nice1 wrst | 18:51 |
| wrst | netritious: I'm happily using ext4 and zfs now at home | 18:52 |
| * wrst hasn't drank the btrfs kool-aid yet | 18:52 | |
| netritious | ne neither, but i'm closers | 18:52 |
| netritious | *closer | 18:52 |
| wrst | if I bork my install I might give it a go next tim | 18:53 |
| * cyberanger has been on some systems with force compress on | 18:53 | |
| wrst | cyberanger: didn't eat your hamster? | 18:55 |
| cyberanger | nope | 18:55 |
| wrst | I might give it a try I've been feeling the need for an adventure and my install has been way too smoothe | 18:56 |
| netritious | force compress? as in the FS is flagged to compress everything? | 18:56 |
| cyberanger | yep | 18:56 |
| netritious | wrst: what are you running? | 18:56 |
| wrst | arch still on my laptop, debian on the little vps I have | 18:57 |
| cyberanger | everything but boot | 18:57 |
| netritious | why would someone do that cyberanger? | 18:58 |
| netritious | wrst I keep finding myself back on ubuntu | 19:00 |
| netritious | unless i want to build stuff then i use debian | 19:01 |
| wrst | netritious: I do less modifying with arch than ubuntu, I like stock gnome, which is getting harder and harder to get a good experience on ubuntu | 19:01 |
| cyberanger | netritious: do what, force compress? | 19:01 |
| netritious | looking at either trying gentoo or going back to bsd land, but will most likely stay on ubuntu/debian for a while still | 19:02 |
| cyberanger | my case, make cryptanalysis next to impossible without a rubber hose | 19:02 |
| netritious | cyberanger: yes | 19:02 |
| netritious | thats a decent reason cyberanger | 19:03 |
| netritious | *'s | 19:03 |
| netritious | gentoo has an active system hardening project and portage which is like freebsd ports | 19:06 |
| netritious | I'm a long time fan of the freebsd ports system | 19:07 |
| cyberanger | makes it harder to correlate encrypted data with known plaintext, between that an my other peices of the process, leaves little room for any vector short of attacking me | 19:07 |
| netritious | cyberanger: I figured as much when you said that | 19:07 |
| netritious | i'm not to worried about my data minus keeping it backed up. | 19:09 |
| Unit193 | Pretty sure I don't need to link to http://xkcd.com/538/ ? :D | 19:09 |
| wrst | Unit193: :) | 19:09 |
| netritious | nice1 Unit193 | 19:10 |
| average_guy | Hahaha to tru | 19:10 |
| Unit193 | By that time you can't remember anymore though. ;) | 19:11 |
| netritious | cyberanger: I do use volume and file crypto in the event my systems are stolen by some random theif. | 19:11 |
| netritious | Theif: "Oh, that computer looks cool! Bet it's worth a lot!"...proceeds to yank from wall while powered on | 19:13 |
| Unit193 | Said the theif, to the moon... | 19:14 |
| netritious | it happened to a freind who was giving a next door neighbor's teenage son some music lessons, who then broke in and stole everything when my friend went out of town. | 19:16 |
| netritious | the VGA and RJ45 port were still attache dot the cables | 19:17 |
| netritious | *ports | 19:17 |
| netritious | and *attached to the cables | 19:18 |
| netritious | cyberanger: are you using a system with a TPM module? | 19:20 |
| * netritious thinks that module after TPM is a little redundant, but whatever | 19:21 | |
| netritious | android on a stick...any one here use one? and have you tried to put something other than android on it? | 19:24 |
| wrst | netritious: I have never used one but researched it a while back didn't seem like they were powerful enough at the time that much would be very effective on them | 19:26 |
| cyberanger | netritious: nope, I don't agree with the TPM spec | 19:27 |
| cyberanger | if you don't fully control a cryptosystem, you have no control | 19:27 |
| netritious | cyberanger: not sure i understand how TPM gives you less control? | 19:28 |
| netritious | wrst: http://www.tronsmart.com/Item/46 | 19:28 |
| wrst | hmm netritious now that has soome kick behind it | 19:30 |
| netritious | yeah i've been waiting on something like this for a while now. | 19:32 |
| netritious | got a little taste of quad-core+1GB ddr with daughter's tablet (agptek i think) and it works very very well | 19:33 |
| cyberanger | netritious: it relates to the manufacture process with the endorsement key | 19:34 |
| netritious | *1GB ddr3 | 19:35 |
| netritious | cyberanger: please elaborate | 19:35 |
| wrst | I'm doing some googling on that little device that could be fun | 19:37 |
| cyberanger | netritious: I'm trying to remember fully, but the endorsement key is burned into the TPM at manufacture, which means the plant in china had at that moment access to the public and private keys | 19:48 |
| cyberanger | and hence the ability to compromise the TPM | 19:49 |
| netritious | If I were a gvt official or something, and had to travel to china, then yes, I might be worried a little. | 20:06 |
| cyberanger | I fall under the "or something" and am just as worried about them travelling here | 20:13 |
| netritious | so how do you go about mitigating evil maid, cold/warm boot attacks, etc? "hands on attack" is how I think about it | 20:16 |
| netritious | "hands on console attack" is better..."HAC attack" lol | 20:18 |
| cyberanger | usb key holds boot partition, and nothing is kept in the MBR | 20:18 |
| cyberanger | so nothing for evil maid to latch onto | 20:18 |
| netritious | I haven't heard of it done, but evil made could also be performed via firmware attacks | 20:20 |
| cyberanger | cold boot and warm boot is a bit more challenging, aside from the systems using ECC ram, what I've tried doing is powering it down and then power it up and hope that it gets overwritten, or at least reassigned as free and screw up the read | 20:20 |
| cyberanger | not I power it up but don't decrypt | 20:21 |
| cyberanger | if it's firmware in the dvd drive, and is meant for linux, then I'm screwed | 20:21 |
| netritious | lol | 20:22 |
| netritious | do you use encrypted swap cyberanger? | 20:22 |
| cyberanger | however part two of all these efforts is to send something home, so in theroy If I'm travelling, I'd be checking my network connections more so | 20:22 |
| cyberanger | yeah, encrypted swap and btrfs | 20:23 |
| cyberanger | honestly, I'm more concerned of travelling to them and getting arrested by MSS | 20:23 |
| cyberanger | with my gear not on me | 20:24 |
| netritious | thinking about a bootable usb thumb drive that on boot, mounts your system's /boot ... | 20:42 |
| netritious | on first run generates hashes, and on subsequent boots compares the file's hashes | 20:43 |
| netritious | maybe play a beep sequence based on what it finds and displays filenames that don't match | 20:44 |
| netritious | use boot as an evil maid detector | 20:44 |
| netritious | *the system's /boot | 20:45 |
| netritious | oh and the MBR would need to be dumped and checked | 20:54 |
| netritious | maybe in addition to that, a dd of /boot as backup so you can restore in the event of tampering | 20:56 |
| netritious | oh and MBR hehe | 20:57 |
| cyberanger | my case, that's pretty much what I've done, just different methods | 20:57 |
| cyberanger | ignore the MBR, since I'm telling it to USB boot | 20:57 |
| cyberanger | any files not in /boot are encrypted, any files in /boot are on the usb key along with kali linux | 21:01 |
| cyberanger | I can't check the firmware though | 21:01 |
| cyberanger | and I don't worry about /boot, leave it stock, nothing to protect, if it's compromised, regenerate it | 21:02 |
| cyberanger | and if it leaves my side, it's as good as compromised | 21:03 |
| Unit193 | cyberanger: Kali, gnome right? Did you ever review Backbox? | 21:06 |
| cyberanger | yeah, come to think of it, when using that boot mode | 21:09 |
| cyberanger | and backbox idk, not recently | 21:11 |
| netritious | cyberanger: i see how your methods mitigate tampering without the usb /boot, but I don't see how you could determine if any one tried. | 21:45 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!