• 3 Posts
  • 193 Comments
Joined 2 years ago
cake
Cake day: June 3rd, 2023

help-circle



  • It likely depends on the courthouse, but generally speaking you’ll show up, sign in, someone will give a little talk about how things work, and then you’ll wait in a waiting room for a few hours while various names are called. Then you’ll go into the court room and the actual jurors will get selected from the pool. They’ll ask some questions and depending on the answer some people will get removed (having a family member who’s a police officer is pretty common).

    If you’re not selected, you’ll probably go back to the waiting room to see if you get pulled for another case. If you are, you’ll sit and listen to the details of the case and eventually make a determination. Depending on the case/jurisdiction, you might also be a “backup juror” where you’ll sit through the entirety of the case, but won’t actually be part of the deliberation at the end unless another juror had to drop out for some reason.

    I ended up getting a murder trial, which was pretty interesting. Overall wasn’t a horrible experience, but definitely glad I brought a Steam Deck while I was waiting.





  • Ah, gotcha, I was thinking more in terms of software attacks than hardware, and that some vulnerability would come up at some point for them to get root access, at which point I think they’d be able to get the key one way or another. I’d imagine it also depends on how locked down the system can be based on the nature of their duties; arbitrary internet access makes shipping it off somewhere a bit easier. Another consideration would be that the drive could also be imaged, and if the key were ever recovered at a later date through whatever method/mistake/etc. the entirety of the data could be recovered.

    But, yeah, definitely agree that that’s all moving well outside the bounds of disgruntled/opportunistic employee and more into the persistent adversary realm.


  • Fundamentally, once someone has some of the data, they have that data, and you can make no guarantees to remove it. The main question you need to ask is whether or not you’re okay with limiting it to the data they’ve already seen, and what level of technical expertise they need to have to keep the data.

    Making some assumptions for what’s acceptable as a possibility, and how much you want to invest, I’d recommend having the data on a network-mapped share, and put a daily enforced quota for their access to it. Any data they accessed (presumably as part of their normal duties) is their’s, and is “gone.” But if you remove their access, they can’t get any new data they didn’t touch before, and if they were to try and hoover up all the data at some point to copy it off, they’d hit their quota and lose access for a bit (and potentially send you an alert as well). This wouldn’t prevent them from slowly sucking out the data day after day.

    If they only need to touch a small fraction of the customer data, and particularly if the sensitivity of the data goes down over time (data from a year ago is less sensitive than data from a day ago) this might be a decent solution. If they need to touch a large portion of the data, this isn’t as useful.

    Edit: another nice bit is that you could log on the network share (at your location) which of the customer data they’re accessing and when. If you ever want to audit, and see them accessing things they don’t need, you can take action.

    I think the next best solution is the VDI one, where you run a compute at your location, and they have to remote into it. If they screen capture, they’ll still save off whatever data they access, and if they have poor, or inconsistent, connection up your network it’ll affect their ability to do their job (and depending how far away they are it might just be super annoying dealing with the lag). On top of that, it’s dependent on how locked-down they need to be to do their job. If they need general Internet access, they could always attempt to upload the data somewhere else for them to pull it. If your corporate network has monitoring to catch that, you might be okay, but otherwise I think it’s a lot of downside with a fairly easy way to circumvent.


  • I’m not the most up to speed on TPM’s, but does it have the capability to directly do network access in order to pull the key? Otherwise, you’re going to need the regular OS to get it to the TPM somehow, in which case that’s the weak link to pull the key instead of ripping it from the TPM itself.

    And once they have the key once, how do you enforce them having to re-request it? Is there a reason that that point they couldn’t just unplug from the Internet (if even necessary) and copy the entirety of that drive/partition somewhere else?





  • That’s kinda a weird take, since the private server model was the only model until 10 years ago or so. Companies definitely know it. It’s just not financially efficient comparing to benefiting from economies of scale with hosting. Plus you don’t lose a ton of money or piss of players if you over or under estimate how popular the game will be.

    Had they gone with private servers here, they would have lost even more money than they already have. The problem here is they spent too much money on a game no one wanted to play, chasing a fad that ended before it launched.


  • Microsoft has fired two employees who organized an unauthorized vigil at the company’s headquarters

    But they contended that Thursday’s event was similar to other Microsoft-sanctioned employee giving campaigns

    Seems like employer approval is an important piece.

    But I think the most interesting part of the article is

    Nasr said his firing was disclosed on social media by the watchdog group Stop Antisemitism more than an hour before he received the call from Microsoft. The group didn’t immediately respond Friday to a request for comment on how it learned about the firing.




  • I actually looked into this, part of the explanation is that in the 80s, Sweden entered a public/private partnership to subsidize the purchase of home computers, which otherwise would have been prohibitively expensive. This helped create a relatively wide local consumer base for software entertainment as well as have a jump start on computer literacy and software development.


  • Also made the switch not too long ago, only using Manjaro. Steam’s proton had gotten extremely good at playing Windows games, so there’s a good chance that it could run your old strategy game.

    You might already have this on your set-up, but having wine auto-launch for Windows executables has been fantastic. I regularly pull and run Windows executables without really giving it a second thought, and so far it’s generally “just worked.”