Ah, yes, the [insert super inconvenient and complex thing to do that most people don’t know, want or should do] will solve it! And when that fails, surely the user can just write their own OS, right? Bunch of skill-issued complainers we the users are.
reply
Well, the hope was always that those of us inconvenienced by M$ would all collectively contribute to making Linux distros more convenient for everyone. But we can't ever seem to get inconvenienced enough to actually sufficiently mobilize and/or coordinate such an effort.
reply
It does seem like Linux is having its moment right now. There's the money and effort Valve is putting into KDE, making the Steam Deck and Steam Machine polished for their hardware, which helps all users of KDE. CachyOS is making having a rolling distro really smooth and snappy on old hardware and making games work mostly ootb. Stuff like WinBoat and Wine will let you use the few Windows apps you need. You are kinda stuck though if you want to use something like Fusion 360 or SolidWorks. FreeCAD has improved quite a bit but it's still like GIMP where it's slightly worse UX in a lot of ways.
reply
Valve is doing great work.

Now… maybe we could condense the 10,000 pointless distros down to a dozen? Oops, nope. Now 10,001, except this one has the menu bar in the middle of the screen and it moves around.

reply
I mean, the super-easy option would be to just use BitLocker for FDE. No hassles, just works. But I figured since everyone here on HN hates MS I wouldn't even bring that up. Don't trust MS? Enroll your own keys.
reply
Yes use Bitlocker, the thing that uploads the encryption key to OneDrive "for convenience" thereby negating the whole point of FDE in the first place
reply
> or (the better solution) just enroll your own certificate in your TPM and sign the driver with that...

I'll tell Grandma that's what she needs to do.

reply
Make sure that she sets up a PKI infrastructure to manage certificate revocation as well, wouldn't want a bad grandson to mess with it.
reply
Why would you put Grandma on VeraCrypt in the first place? It's the more 'difficult' option for FDE.
reply
What's easier, and bitlocker doesn't count. I want my FDE to be based on a password or a keyfile, not simply by some code in the motherboard. I want it encrypted until I, the operator, provide some data to unlock.

In my limited experience with bitlocker, the disk is decryptable automatically as long as it's in the original motherboard.

reply
> and bitlocker doesn't count.

Wat? Bitlocker is the answer to your question.

> In my limited experience with bitlocker, the disk is decryptable automatically as long as it's in the original motherboard.

It's unlocked (not decrypted) when the OS boots, yes. You can optionally enforce (not on Home) other unlock methods, such as PIN before the OS boots.

> I want my FDE to be based on a password or a keyfile, not simply by some code in the motherboard.

That's less secure than TPM.

reply
If someone steals my laptop, and there is no factor of decryption requiring something I possess or know, then the only use of that disk being encrypted is that I can throw it out more safely at end of life. Thieves/LEO has the data because they have the motherboard.

If bitlocker has a PIN/passphrase decrypt option, then I missed it.

reply
While a thief or LEO could boot the OS, just having the motherboard doesn’t give them access to the underlying data. They would need to have a valid user account.
reply
Your grandma is probably fine with BitLocker...
reply
And they say Linux is inconvenient because you have to open the terminal every once in a while.
reply