2021-10-10.log

+ chartreuse (~chartreus@s0106f0f249dfd9c3.cg.shawcable.net)		00:00
vagrantc	ok, will have to get used to shutting down from a logged in session	00:03
chartreuse	vagrantc: Yeah the power off from the keyboard is a hard power off	00:06
chartreuse	I mean it should be possible to add a soft-power off trivially to the keyboard. Basically send the scancode for a power key on the keyboard	00:07
chartreuse	I'll look into that, could be added as an extra menu option	00:07
vagrantc	that would be a nice addition :)	00:08
vagrantc	i noticed there's an option for wake, but not suspend, too	00:09
- freakazoid343 (QUIT: Remote host closed the connection) (~matt@2603:9000:cf0f:80e3:6034:c436:2d1e:b4a)		00:12
+ freakazoid343 (~matt@2603-9000-cf0f-80e3-6034-c436-2d1e-0b4a.inf6.spectrum.com)		00:13
chartreuse	Well the suspend is buggy but yeah I could add both at the same time since they both involve sending a keystroke	00:19
chartreuse	Other thing I want to add is the missing confirmation boxes for the hard shutdown (and also power on if the system is already on)	00:20
- S0rin (QUIT: Ping timeout: 252 seconds) (~S0rin@user/s0rin)		00:22
+ S0rin (~S0rin@user/s0rin)		00:25
vagrantc	does powering on while already powered on cause issues?	00:30
- freakazoid343 (QUIT: Remote host closed the connection) (~matt@2603-9000-cf0f-80e3-6034-c436-2d1e-0b4a.inf6.spectrum.com)		00:34
mntmn	vagrantc: that would do a reset	00:41
vagrantc	check.	00:43
+ reform4489 (~djdeath@5.20.171.148)		00:43
- reform4489 (QUIT: Client Quit) (~djdeath@5.20.171.148)		00:44
+ dj-death (~djdeath@vps-8659ed31.vps.ovh.net)		00:44
chartreuse	It does a hard reset yeah and I've accidentally done that before	00:52
mntmn	it's the "the cops are coming through the door" function	00:52
chartreuse	Heh, poweroff already does that too, and gives more time for the ram to lose its contents :P	00:53
chartreuse	You know, on that topic, could add a panic mode button that wipes ram and starts overwriting the headers on the sd card and nvme :P	00:54
chartreuse	I would be way to paranoid about accidentally hitting that though XD	00:54
vagrantc	"Are your sure it is time to panic?"	00:55
mntmn	haha	00:58
mntmn	well i guess luks should be pretty hard/expensive to crack	00:58
mntmn	but the ram content, yeah	00:58
mntmn	poweroff is better ^^	00:58
chartreuse	Yeah would have to see the speed of ram decaying to lose keys in memory vs filling it with garbage in software	01:08
chartreuse	Yeah LUKS should be fine, and writing over the headers loses the actual key that is protected by the password so then even the owner can't ever decrypt it again	01:09
mntmn	i think it would be rare to encounter a forensic unit that could even handle reviving ram on the fly	01:09
chartreuse	There are attacks for that where you freeze the ram to prevent the contents from being lost	01:09
mntmn	haha	01:09
chartreuse	Then you can boot special software to dump the preserved memory contents across a reboot	01:09
mntmn	so someone comes in and sprays your laptop with liquid nitrogen?	01:10
chartreuse	Basically yeah	01:10
chartreuse	Cold boot attack	01:10
chartreuse	It's a way of circumventing full disk encryption on a running laptop too	01:11
mntmn	yeah crazy	01:11
chartreuse	Like they might not be able to log in or do stuff, but the disk is encrypted. So you spray cold spray on the ram for the brief period that you need to restart the computer into the forensic os	01:11
chartreuse	This would be attacks where you left a laptop in standby in a hotel, or agents see you using the computer in public, and basically snatch if from you, giving you at most time to logoff	01:12
chartreuse	I believe it's typically an "evil maid" type attack where you left the machine in standby	01:12
vagrantc	ACTION wonders what the window of cold is that isn't so cold it just physically destroys the ram while still leaving it readable	01:12
chartreuse	I think you'd be hard pressed to physical destroy it even with liquid nitrogen. But I think "cold spray" like R134 would work just fine	01:13
chartreuse	OH! and if you don't trust the machine and want just the data in ram. You can keep it cold. and remove it from the machine and put it into a custom reader to dump the whole thing	01:13
chartreuse	So the BIOS or what not can't even wipe it	01:14
chartreuse	It's a really crazy attack that relies on dram only slowly losing its contents, and basically taking minutes at cold temps	01:14
mntmn	nuts	01:15
mntmn	so it's better to not have ram on dimms ;)	01:15
mntmn	desoldering while cold will be hard	01:15
chartreuse	Yep, and there's other ways like using TPMs for keys, and what not to avoid having them in ram. But I prefer openness and such over total physical security	01:16
mntmn	yeah	01:16
chartreuse	My threat model is not really that the government is after me personally and willing to spend millions on resources to get at me	01:16
mntmn	same. more like an interesting thing to think about	01:16
mntmn	my biggest threat is me not making enough backups or something	01:17
chartreuse	You could also have ram chips that have those fancy self destruct mechanisms like some security chips have, where if you damage a fine trace covering the entire outside it destroys the contents	01:17
mntmn	ah crazy	01:17
chartreuse	To prevent delidding attacks or such where you access the die directly	01:17
chartreuse	Some high end security/encrpytion chips have that. Not sure any consumer TPM chip bothers though	01:18
mntmn	the new imx8x lite has something like this, a tamper protection thing, but haven't looked into the details	01:18
chartreuse	Could be something like that though, but probably not as involved. They're sometimes seen in credit card terminals and the like too the wipe the secret keys (in addition to ones that do it when the case is opened)	01:18
dj-death	mntmn: are you still doing those reform modifications on the early models?	01:40
mntmn	dj-death: yeah	01:41
mntmn	as promised	01:41
dj-death	cool	01:46
- chomwitt (QUIT: Ping timeout: 265 seconds) (~chomwitt@94.66.61.137)		02:08
+ sl (~sl@104-59-85-219.lightspeed.iplsin.sbcglobal.net)		03:18
- sundog (QUIT: Quit: The Lounge - https://thelounge.chat) (~sundog@reclaim.technology)		04:07
+ sundog (~sundog@reclaim.technology)		04:08
+ khm (~kfx@wopr.sciops.net)		04:24
khm	I don't know why libera keeps disconnecting me...	04:25
- sl (QUIT: Quit: leaving) (~sl@104-59-85-219.lightspeed.iplsin.sbcglobal.net)		04:31
- sbates (QUIT: Quit: Leaving) (~sbates@198.178.118.18)		04:46
- vagrantc (QUIT: Quit: leaving) (~vagrant@2600:3c01:e000:21:21:21:0:100b)		06:33
- dodo (QUIT: Quit: dodo) (~dodo@user/dodo)		06:38
+ dodo (~dodo@user/dodo)		06:39
- jvalleroy (QUIT: Quit: http://quassel-irc.org - Chat comfortably. Anywhere.) (~quassel@user/jvalleroy)		08:00
+ jvalleroy (~quassel@user/jvalleroy)		08:02
+ chomwitt (~chomwitt@2a02:587:dc18:b400:12c3:7bff:fe6d:d374)		09:13
- chomwitt (QUIT: Ping timeout: 252 seconds) (~chomwitt@2a02:587:dc18:b400:12c3:7bff:fe6d:d374)		10:29
+ chomwitt (~chomwitt@2a02:587:dc18:b400:12c3:7bff:fe6d:d374)		10:30
- chartreuse (QUIT: Quit: leaving) (~chartreus@s0106f0f249dfd9c3.cg.shawcable.net)		11:18
- kklimonda (QUIT: Read error: Connection reset by peer) (sid72883@user/kklimonda)		11:30
+ kklimonda (sid72883@user/kklimonda)		11:33
- kklimonda (QUIT: Ping timeout: 260 seconds) (sid72883@user/kklimonda)		12:35
+ kklimonda (sid72883@user/kklimonda)		12:37
+ aliosablack (~chomwitt@2a02:587:dc18:b400:12c3:7bff:fe6d:d374)		13:10
- chomwitt (QUIT: Ping timeout: 252 seconds) (~chomwitt@2a02:587:dc18:b400:12c3:7bff:fe6d:d374)		13:10
- erlehmann (QUIT: Ping timeout: 245 seconds) (~erle@dynamic-046-114-033-127.46.114.pool.telefonica.de)		15:03
+ erlehmann (~erle@dynamic-046-114-036-111.46.114.pool.telefonica.de)		15:05
+ sbates (~sbates@198.178.118.18)		15:05
- S0rin (QUIT: Ping timeout: 252 seconds) (~S0rin@user/s0rin)		15:26
+ S0rin (~S0rin@user/s0rin)		15:29
vkoskiv	Has it been measured how much latency the DSI->eDP conversion introduces?	15:52
mntmn	vkoskiv: no perceivable latency	15:58
mntmn	it does not have a full frame buffer iirc	15:58
mntmn	just a fifo	15:58
- adjtm (QUIT: Quit: Leaving) (~adjtm@150.red-81-36-209.dynamicip.rima-tde.net)		16:11
+ adjtm (~adjtm@150.red-81-36-209.dynamicip.rima-tde.net)		16:38
+ freakazoid333 (~matt@2603:9000:cf0f:80e3:6034:c436:2d1e:b4a)		17:17
- erlehmann (QUIT: Quit: Just say no, then the virus can not enter your body without your consent.) (~erle@dynamic-046-114-036-111.46.114.pool.telefonica.de)		17:35
+ erlehmann (~erle@dynamic-046-114-036-111.46.114.pool.telefonica.de)		17:37
- qbit (QUIT: Quit: WeeChat 3.2.1) (~qbit@ns2.suah.dev)		17:40
+ vagrantc (~vagrant@2600:3c01:e000:21:21:21:0:100e)		18:07
- S0rin (QUIT: Ping timeout: 252 seconds) (~S0rin@user/s0rin)		18:22
+ skyfaller (~skyfaller@pool-108-52-124-2.phlapa.fios.verizon.net)		18:27
+ S0rin (~S0rin@user/s0rin)		18:29
- vagrantc (QUIT: Quit: leaving) (~vagrant@2600:3c01:e000:21:21:21:0:100e)		18:58
+ qbit (~qbit@ns2.suah.dev)		19:04
vkoskiv	Cool. Really clever solution to the firmware issue, too!	19:04
- S0rin (QUIT: Ping timeout: 252 seconds) (~S0rin@user/s0rin)		19:35
- freakazoid333 (QUIT: Read error: Connection reset by peer) (~matt@2603:9000:cf0f:80e3:6034:c436:2d1e:b4a)		20:10
+ freakazoid333 (~matt@2603-9000-cf0f-80e3-6034-c436-2d1e-0b4a.inf6.spectrum.com)		20:10
- skyfaller (QUIT: Quit: skyfaller) (~skyfaller@pool-108-52-124-2.phlapa.fios.verizon.net)		20:30
- sbates (QUIT: Quit: Leaving) (~sbates@198.178.118.18)		20:57
- xktr_ (QUIT: Quit: leaving) (~xktr@37.120.147.5)		21:26
+ xktr (~xktr@37.120.147.5)		21:28
+ S0rin (~S0rin@user/s0rin)		21:32
- S0rin (QUIT: Ping timeout: 252 seconds) (~S0rin@user/s0rin)		22:22
+ S0rin (~S0rin@user/s0rin)		22:22
- adjtm (QUIT: Remote host closed the connection) (~adjtm@150.red-81-36-209.dynamicip.rima-tde.net)		23:10
+ adjtm (~adjtm@150.red-81-36-209.dynamicip.rima-tde.net)		23:10
- aliosablack (QUIT: Ping timeout: 245 seconds) (~chomwitt@2a02:587:dc18:b400:12c3:7bff:fe6d:d374)		23:33

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!