Re: This is...disturbing...
On Wed, Jul 27, 2022 at 5:46 AM Michal Schorm wrote: > The "Speculations" section sound's to me like the wet dream of every > InfoSec in every company. > I believe many would pay the weight of Bill Gates in gold for that ... > should it work flawlessly. > > Outside of networks requiring very strict content access control, it > is - I believe - sentenced to the fate of any standardization effort: > https://xkcd.com/927/ > I mean, there is billion of Android and Apple devices from thousands > of manufacturers used by people who wants to access documents on which > they worked on their Windows PCs. > Most of those documents are of little interest to bad actors and could be made public without significant consequences. Those working on Windows PCs are expected to exercise good judgement, but there are cases where people accessing documents on personal devices have been called out by others motivated by personal antagonism, racism, sexism, etc. > So I don't see any dystopian future regarding that coming (just) yet. > > Or did I miss something? > Corporations and governments generally have policies for who has access to which documents. In practice, documents do leak to people who were not in the intended group of readers and leakers can be punished. Most organizations rely on individuals for proper handling of sensitive documents, but there are always those who have been taken in by sellers who promise technological controls that will prevent leaks and identify "leakers". Those same factions often engage in misclassification (making everything "top secret" and adding barriers to make it hard to change the initial classification), reducing more conventional security efforts such as training and intrusion detection, and selective enforcement. We are in for another round of over-promising and abuse of technological controls. Unfortunately, the current political climate has enabled many who will see a new tool to push their own agendas. -- George N. White III ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: This is...disturbing...
The "Speculations" section sound's to me like the wet dream of every InfoSec in every company. I believe many would pay the weight of Bill Gates in gold for that ... should it work flawlessly. Outside of networks requiring very strict content access control, it is - I believe - sentenced to the fate of any standardization effort: https://xkcd.com/927/ I mean, there is billion of Android and Apple devices from thousands of manufacturers used by people who wants to access documents on which they worked on their Windows PCs. So I don't see any dystopian future regarding that coming (just) yet. Or did I miss something? -- Michal Schorm Software Engineer Core Services - Databases Team Red Hat -- On Tue, Jul 26, 2022 at 8:14 PM Dave Ihnat wrote: > > Ran across this today: > > https://gabrielsieben.tech/2022/07/25/the-power-of-microsoft-pluton-2/ > > I'm concerned... > -- > Dave Ihnat > dih...@dminet.com > ___ > users mailing list -- users@lists.fedoraproject.org > To unsubscribe send an email to users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: This is...disturbing...
On 7/27/22 7:36 AM, Tim via users wrote: So, yes, I do see the value in locking down closed-source systems, to make them a reliable and safer system. The world would be a better place if Windows wasn't such an utter disaster. You might think you don't care if Windows self destructs while you never use it, but your medical data, your financial data, etc, is on other people's computers using those systems. You never know what is processing your medical/tax data, etc. Maybe they are still using MUMPS (https://thedailywtf.com/articles/A_Case_of_the_MUMPS), maybe ancient COBOL code are still chugging along. Maybe it's a long-discontinued proprietary OS that has seen last security update a decade ago. But you still have to use them. Lily OpenPGP_0xEE978FA44869B163.asc Description: OpenPGP public key OpenPGP_signature Description: OpenPGP digital signature ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: This is...disturbing...
On Tue, 2022-07-26 at 21:04 +0200, Alex wrote: > Pluton is being pitched as right now, as a firmware security device > to prevent malware". I think these kinds of things do not work > because at the end of the day the user will want to install whatever > software they want, so whatever that thing is can't really prevent > most malware a typical PC user will come accross. I think it's a fairly safe bet that much of the PC's woes is down to software piracy. People don't want to buy software, so they get a cracked version, or use something to crack it. And in doing so, they compromise their own system. Why the hell would you trust a hacker not to screw up your PC when they don't give a damn about screwing the developers of the software they're cracking. Are people completely stupid, or do they just do it part time? It's not beyond my imagination that not only do crackers not give a damn about stuffing up your PC, they're probably doing it (letting you crack software, or letting you have cracked software) on purpose as a way of building up their bot army. They're not just "sticking it to the man" and letting you have a free Photoshop in protest against capitalism, it's you that they're actually scamming. So, yes, I do see the value in locking down closed-source systems, to make them a reliable and safer system. The world would be a better place if Windows wasn't such an utter disaster. You might think you don't care if Windows self destructs while you never use it, but your medical data, your financial data, etc, is on other people's computers using those systems. On the other hand, I don't want it so it's impossible to get general PC hardware so we can't run open-source systems where we can create the systems we need. -- uname -rsvp Linux 3.10.0-1160.71.1.el7.x86_64 #1 SMP Tue Jun 28 15:37:28 UTC 2022 x86_64 Boilerplate: All unexpected mail to my mailbox is automatically deleted. I will only get to see the messages that are posted to the mailing list. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: This is...disturbing...
Welp. "Microsoft’s other use of DICE+RIoT, in their own words, is to enable “Zero Trust Computing.”" I mean, that's a pretty cool and appropriate name: Zero trust in that I don't trust it :). Per the article: "Now, Microsoft might look at the above and laugh this off as fear mongering, as that is much further than what Pluton is being pitched as right now, as a firmware security device to prevent malware". I think these kinds of things do not work because at the end of the day the user will want to install whatever software they want, so whatever that thing is can't really prevent most malware a typical PC user will come accross. On 7/26/22 20:14, Dave Ihnat wrote: Ran across this today: https://gabrielsieben.tech/2022/07/25/the-power-of-microsoft-pluton-2/ I'm concerned... -- Dave Ihnat dih...@dminet.com ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
This is...disturbing...
Ran across this today: https://gabrielsieben.tech/2022/07/25/the-power-of-microsoft-pluton-2/ I'm concerned... -- Dave Ihnat dih...@dminet.com ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure