Fun Fact: These noises actually comprised much of the background “whir” for TNG. People were used to tuning it out when watching TNG, but were confused when they heard it during one of the DS9 episodes where Alexander came back since they hadn’t heard it for a while.
data1701d
joined 1 year ago
Loved when LD:Crisis Point: Rise of Vindicta poked fun at this.
Although honestly, moderately enjoy at least the first Abramsverse film - not peak Trek, but fun enough. For a while, I thought Pine was the best Kirk performance in the franchise, but then SNW Kirk grew on me with the La’an episode and I think it’s tied.
But transporter-cloning Tuvix and and splitting one gets THREE allies. 🤭
If it doesn’t simulate a connected monitor, it looks like there are little HDMI shims that do called EDID emulators that are available for relatively cheap.
Obviously, you hang in the castle for a bit so you can go over to the ion storm later with a full understanding of context.
I probably shouldn’t have thrown in the word “now”; what I meant to say is FOSS formats are so good that the existence of RAR is ridiculous.
(Note: Anything I say could be B.S. I could be completely misunderstanding this.)
Clevis isn’t too difficult to set up - Arch Wiki documents the process really well. I’ve found it works better with dracut that mkinitcpio.
As for PCR registers (which I haven’t set up yet but should), what I can tell, it sets the hash of the boot partition and UEFI settings in the TPM PCR register so it can check for tampering on the unencrypted boot partition and refuse to give the decryption keys if it does. That way, someone can’t doctor your boot partition and say, put the keys on a flash drive - I think they’d have to totally lobotomize your machine’s hardware to do it, which only someone who has both stolen your device and has the means/budget to do that would do.
You do need to make sure these registers are updated every kernel update, or else you’ll have to manually enter the LUKS password the next boot and update it then. I’m wondering if there’s a hook I can set up where every time the boot partition is updated, it updates PCR registers.
JavaScript be like that sometimes…
That is so me sometimes.
You're somewhat right in the sense that the point of disk encryption is not to protect from remote attackers. However, physical access is a bigger problem in some cases (mostly laptops). I don't do it on my desktop because I neither want to reinstall nor do I think someone who randomly breaks in is going to put in the effort to lug it away to their vehicle.
Clevis pretty much does TPM encryption and is in most distros' repos. I use it on my Thinkpad. It would be nice if it had a GUI to set it up; more distros should have this as a default option.
You do have to have an unencrypted boot partition, but the issues with this can at least in be mitigated with PCR registers, which I need to set up.
Ah, you must be an ice man. 😁