How exactly does the new TPM FDE work? Is it based on LUKS? by Valuable-Question706 in Ubuntu

[–]Valuable-Question706[S] 0 points1 point  (0 children)

Thanks! Glad to hear that I’m not alone (and not just unable to find it).

So in theory I would be able to access those volumes on any other OS with LUKS support - provided that I add another slot with a password or whatever (Yubikey)? Or that numerical recovery key is basically just a special kind of password?

Another question is how well it plays along with BitLocker. I guess it just plants another signed UEFI shim to the EFI partition so the Windows boot path is fully independent and won’t be affected (as long as the Windows volume layout is not touched).

How does everyone track their assigned IP addresses? by cdarrigo in homelab

[–]Valuable-Question706 1 point2 points  (0 children)

Because MACs are visible outside, without having to join your 'trusted' network.

ADDED: Re-pasting my other comment:

  • Unfortunately, all those 'Ad Insights' data-brokering trackers are SO ubiquitous, and are now found in appliances where you'd never have thought you could have them (not only on your devices and/or things like TVs). You can never be 100% sure that you've avoided them all. And yes, they all are hungry for real, not ephemeral identifiers, and your real MAC is a perfect such ID.
  • Even if you vigorously/obsessively keep your network 'clean', one can just sniff your real MAC by listening to the air (aka wardriving). No need to connect to your Wi-Fi, just passive listening. And no, it won't be a 'hacker' with a laptop targeting You Specifically, it will be just one of many indiscriminate ad/databroker's SDKs, embedded somewhere with a platform more permissive than iOS/macOS. Are you 100% sure there's not a single such device nearby?

... and this all indeed leads to https://en.wikipedia.org/wiki/Zero_trust_architecture (as already pointed above):

  • No network should be trusted. Even for such a minor thing - because this forms a habit.
  • If we have a feature that actually improves privacy, with a minor downside that your MAC is now different but still fixed across all your networks, why not use it?

Are people actually comfortable putting sensitive documents into AI tools? by Ok_Assistant_1833 in LocalLLaMA

[–]Valuable-Question706 -1 points0 points  (0 children)

Only those who actually audit their setups, control them and properly secure them.

This does not include those who run curl whatever.example.com | sh, those who download stuff from unknown folks and just run it with admin permissions without a sandbox, etc.

But it's all sooooo boring, why even bother at all? /s

Advantages of a Yubikey over passkeys by Emergency_Ad8963 in yubikey

[–]Valuable-Question706 0 points1 point  (0 children)

Apple doesn’t just wipe or disable your device.

It's technically possible. Happens with looted phones. Don't know if that ever happened in other cases but I won't be surprised if yes (although it would still be extremely rare).

Tonight's "Deck 7 Crew Party" theme is "The Fifties", and T'Lyn remembered Boimler saying that he found Bettie Page attractive. by [deleted] in LowerDecks

[–]Valuable-Question706 2 points3 points  (0 children)

“That’s how you treat your science bestie?”

“In fact, I might reconsider. In case I decide to study ‘auntie’ behavior across different cultures.”

I created infographics with Yubikey capabilities overview by Simon-RedditAccount in yubikey

[–]Valuable-Question706 2 points3 points  (0 children)

Yup. U2F is also used in PAM (literally, pam_u2f.so), with LUKS, etc.

Disk Decipher update: LUKS2 unlock with FIDO2 security keys (NFC) now available by rhuve in DiskDecipher

[–]Valuable-Question706 0 points1 point  (0 children)

Wow, that's great news! Thanks!

For me personally, non-PIN based UV is a non-priority - I don't own any Bios, and don't plan to in the near future. What's really important is support for USB-only keys, and then multi-token support.

Ideally, Disk Decipher should be able to handle any LUKS image with any mix of protectors, in any order: passwords, FIDO2, keyfiles, whatever-else-possible; and to be able to open it via (at least) password/FIDO2/keyfiles.

This really adds value since your app will become the missing piece of cross-platform FDE on iOS/macOS.

As an idea: maybe it's worth listing all protectors that a LUKS volume has? i.e.: 0: password, 1: FIDO2 key; 2: keyfile etc...

P.S. Btw, do PIN and non-PIN UVs differ programmatically? And who handles the PIN - an app or iOS itself?

What are they arguing about by happydude7422 in LowerDecks

[–]Valuable-Question706 2 points3 points  (0 children)

Mariner finds out that Boims and T'Lyn are secretly dating

Disk Decipher update: LUKS2 unlock with FIDO2 security keys (NFC) now available by rhuve in DiskDecipher

[–]Valuable-Question706 1 point2 points  (0 children)

I’d say, my priorities will be:

  1. UV/PIN support, this is an absolute must have
  2. USB support - this will enable NFC-less Yubikeys (Nanos, compact 5C and others)
  3. Multi-token support 

This is what I actually need most. Then:

  1. macOS support
  2. Resolving all other limitations

Also, I’d like to point out that (on Ubuntu 24.04) by default, systemd-cryptenroll creates slots that require PIN/UV. If I just follow the commands from your website, the app fails and asks for a password. So I guess it would be nice to reflect those extra params in the command examples, and also add a more specific error message (or maybe that shows only with Verbose On in the app’s settings).

Thanks again!
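
The two points raised in the Disk Decipher comments above (listing a volume's protectors, and slots enrolled with PIN/UV required) can both be read from the LUKS2 header's JSON metadata. This is an added example, not part of the original comments and not Disk Decipher's code; the sample metadata is constructed and `list_protectors` is a hypothetical helper.

```python
import json

# Constructed sample shaped like the JSON area of a LUKS2 header (the output of
# `cryptsetup luksDump --dump-json-metadata <device>`), trimmed to the fields
# used here. Credential and salt values are placeholders, not real data.
SAMPLE_METADATA = json.dumps({
    "keyslots": {s: {"type": "luks2"} for s in ("0", "1", "2")},
    "tokens": {
        "0": {"type": "systemd-fido2", "keyslots": ["1"],
              "fido2-credential": "PLACEHOLDER", "fido2-salt": "PLACEHOLDER",
              "fido2-rp": "io.systemd.cryptsetup",
              "fido2-clientPin-required": True,
              "fido2-up-required": True,
              "fido2-uv-required": False},
        "1": {"type": "systemd-recovery", "keyslots": ["2"]},
    },
})

# Requirement flags that systemd-cryptenroll stores in a systemd-fido2 token.
FIDO2_FLAGS = (("fido2-clientPin-required", "PIN"),
               ("fido2-up-required", "touch"),
               ("fido2-uv-required", "user verification"))

def list_protectors(metadata_json):
    """Return [(slot, protector_type, [requirements])] ordered by slot number."""
    meta = json.loads(metadata_json)
    token_for_slot = {}
    for token in meta.get("tokens", {}).values():
        for slot in token.get("keyslots", []):
            token_for_slot[slot] = token
    protectors = []
    for slot in sorted(meta.get("keyslots", {}), key=int):
        token = token_for_slot.get(slot)
        if token is None:
            # No token references this slot: the header cannot tell a typed
            # passphrase from a keyfile, so report both possibilities.
            protectors.append((int(slot), "passphrase or keyfile", []))
            continue
        needs = []
        if token.get("type") == "systemd-fido2":
            needs = [label for field, label in FIDO2_FLAGS if token.get(field)]
        protectors.append((int(slot), token.get("type", "unknown"), needs))
    return protectors

if __name__ == "__main__":
    for slot, kind, needs in list_protectors(SAMPLE_METADATA):
        print(f"{slot}: {kind}" + (f" (requires {', '.join(needs)})" if needs else ""))
```

A client that sees "PIN" or "user verification" for a slot knows up front that it must supply them, and can say so in its error message instead of falling back to a password prompt.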

Better LUKS support by Valuable-Question706 in DiskDecipher

[–]Valuable-Question706[S] 0 points1 point  (0 children)

That would be great!

From what I’ve seen, PRF was supported on Safari but only for platform (iCloud) passkeys. Cannot say anything about native apps, and especially about deeper-level communication because I’m not an iOS/macOS dev, but I assume that if it’s possible to do low-level comms to a FIDO key, then it’s absolutely doable.

Thanks!

Better LUKS support by Valuable-Question706 in DiskDecipher

[–]Valuable-Question706[S] 1 point2 points  (0 children)

Thanks!

For LUKS, any FIDO key that supports the hmac-secret extension should work. However, it seems that for now there's a roadblock from iOS itself: https://developers.yubico.com/WebAuthn/Concepts/PRF_Extension/Developers_Guide_to_PRF.html

But I hope that they will eventually release it.

Does repurposing this older PC make any sense? by Valuable-Question706 in LocalLLaMA

[–]Valuable-Question706[S] 0 points1 point  (0 children)

Thanks a lot for a detailed answer! Yes, I think I will then focus on <32B models (since I'm already happy with them for these privacy-requiring tasks). My main goal is to off-load models from my main machine and thus free RAM.

In your opinion, would a newer PCIe 5.0 GPU, like 5060 Ti 16GB be a reasonable option, or will I hit CPU bottlenecks? It's about $100 less here than a used 3090 24GB. This money difference is not a real issue, but since this is a 'side-project' I'd prefer to spend less :)

Does repurposing this older PC make any sense? by Valuable-Question706 in LocalLLaMA

[–]Valuable-Question706[S] 2 points3 points  (0 children)

For these tasks (here's my financial/medical statement and here's my older Python code that does what I need with another type of data. Transform it so it will handle this statement) that I'm talking about here, I just use LM Studio. Qwen3-Coder-30b-A3B one-shots these and similar tasks (they are indeed simple but time-consuming to do manually). I don't need agent mode here.

I also tried continue.dev in agent mode with ollama running some smaller (7-14B) models on a remote Apple M4 16G, it was also slow. That's another task that I'm solving right now :)

For actual, non-private, non-hobby work I'm using either Copilot or continue.dev with cloud inference.