<elvishjerricco>
andi-: I have no doubt that any no-password system will be vulnerable to *something*, but an electron microscope is a heck of a lot harder to pull off than a physical keylogger :P
<andi->
Just don't do any sensitive computing, it's all flawed.. *runs around with a tinfoil hat*
<elvishjerricco>
Yea. I wouldn't use this on a system I expect to be targeted
<elvishjerricco>
Actually, I guess that kind of method probably works at some level no matter how you provide the key. The only difference is that making it automatic lets them reset it at will if they have control, whereas manual key entry requires you to be the one to reset it.
__Sander__ has joined #nixos-chat
<andi->
Since using nixos I have been thinking of just using a one-time-password. Aka wiping the luks header on boot. If the system crashes -> restore from SCM & backups..
<infinisil>
It *was* down for a minute there though for sure, I got a server error message
<gchristensen>
I can! Firefox has a style editor
<joepie91>
infinisil: it's not that strange that things sometimes go down for a bit? :P
tertl3 has joined #nixos-chat
jtojnar has quit [Remote host closed the connection]
jtojnar has joined #nixos-chat
<__monty__>
Yep, you can even style the UI and see the changes live.
<__monty__>
(FF's UI is also styled with css.)
drakonis has joined #nixos-chat
<samueldr>
gchristensen: chrome's inspector can, I would bet it either was stolen from firefox's or has been by firefox; they are close to feature parity
<gchristensen>
nice
<joepie91>
oh, the various browser inspectors have been yanking each other's features since firebug
<joepie91>
lol
<samueldr>
(and there's nothing wrong with that :))
<joepie91>
oh no, it's great
<joepie91>
I'm frankly surprised how there's still multiple major browsers that have roughly feature parity and compatibility
<joepie91>
down to the developer tools
<joepie91>
existing in tandem
<joepie91>
I don't think people appreciate enough what a ridiculous achievement that is
<joepie91>
given that three people can agree if two of them are dead and all that
__Sander__ has quit [Quit: Konversation terminated!]
oscarvarto has joined #nixos-chat
<pie__>
a bunch of web conferencing stuff only works properly on chrome for some reason though even though firefox should also be supported -_-
drakonis has quit [Remote host closed the connection]
<sphalerite>
pie__: *conspiracy theorist face* google pays them
<pie__>
hehe
oscarvarto has quit [Quit: This computer has gone to sleep]
<clever>
andi-: single bit errors in ram can even occur on cellphones, and if that flipped bit is in a domain name, you can land on the wrong server
<gchristensen>
...lol.
<clever>
and in the right case, the ssl cert will be checked against the flipped domain
<andi->
clever: aaargh
<clever>
so let's encrypt gets you a "valid" cert for whatever domain you're targeting
<joepie91>
not just let's encrypt, any CA
<clever>
yep
<clever>
but LE is free
<clever>
and when you need 1 domain for every single bit in the domain
<andi->
just use a webserver that issues them on-demand ;-)
<joepie91>
clever: there are various CAs that, under the right circumstances, will offer you flatfee certs :)
<clever>
joepie91: there is one CA that validates domain ownership by checking the registrar records
<clever>
but the registrar shows a jpeg of your email, for anti-spam reasons
<clever>
the CA runs an OCR over the jpeg
<clever>
and it gets some characters flipped
<joepie91>
lol
<clever>
if you know which ones to abuse, you can verify a cert for a domain you don't control
<clever>
and then you're free to mitm them
sppky has quit [*.net *.split]
zimbatm has quit [*.net *.split]
manveru has quit [*.net *.split]
nand0p has quit [*.net *.split]
sir_guy_carleton has joined #nixos-chat
jtojnar has quit [Remote host closed the connection]
jtojnar has joined #nixos-chat
drakonis_ has joined #nixos-chat
<elvishjerricco>
I am having no luck googling how to update TPM firmware on ryzen...
<clever>
elvishjerricco: and nfs has decided to sabotage things here
<elvishjerricco>
hm?
<clever>
elvishjerricco: nixos-rebuild switch reset the wifi, and broke an nfs mount, now nixos-rebuild deadlocks because nfs is not responding
<elvishjerricco>
ah
<elvishjerricco>
well that's frustrating
<clever>
ctrl+c did nothing, but -9 worked
<joepie91>
heh
__monty__ has quit [Quit: leaving]
nckx has quit [Quit: Updating my GNU GuixSD server — gnu.org/s/guix]
<elvishjerricco>
Oh yea, updating the BIOS kills the overclocking settings. Sadface
nckx has joined #nixos-chat
<elvishjerricco>
Updating the bios didn't even fix the issue. Darn
<elvishjerricco>
So if I updated my UEFI to the latest available, should I expect the TPM firmware for the Ryzen CPU to be up to date? Or is that firmware going to be from somewhere else?
drakonis_ has quit [Remote host closed the connection]
<andi->
elvishjerricco: I feel sorry for you... you went down the rabbit hole
<elvishjerricco>
andi-: At least it's a fun rabbit hole :P
<andi->
that's what you say now..
<joepie91>
so, who here likes oddball applied crypto?
<joepie91>
(reading it again, taking notes this time)
kisik21 has quit [Ping timeout: 252 seconds]
jtojnar has quit [Quit: jtojnar]
jtojnar has joined #nixos-chat
<elvishjerricco>
Ok, microcode is updated, bios is updated, and kernel is updated. Is there anything else that might be preventing TPM from working?
<andi->
elvishjerricco: do you have a TPM?
<elvishjerricco>
andi-: Yes, all Ryzen chips have an fTPM
<elvishjerricco>
But I dunno if there's special firmware I need to update
<elvishjerricco>
And there doesn't seem to be any documentation on that...
<andi->
did you grep the kernel source tree? ;-)
<elvishjerricco>
andi-: I'm pretty sure I know the blocks of code which *might* be causing problems if it's the kernel, but I have no idea what's going on :P
<elvishjerricco>
I only updated the microcode via the kernel. I guess maybe I need to do it from the BIOS instead, considering the TPM does get extended by the BIOS and boot loader
<elvishjerricco>
I would have guessed that updating the BIOS would do that though