It’s meant to protect the software, not the hardware. Of course you can still put a hardware keylogger on it.

You’re also only considering the use case of the owner and user being the same person. In a business context, the user and the owner are two different persons. It can be used to ensure the company’s MDM and security software aren’t tampered with, for example if you try to exfiltrate company data. In that situation, even if you have a keylogger, it doesn’t help you much, it still won’t allow you root access on the machine, because the user of the machine doesn’t have root access either.

Same with servers: you don’t even care if the hardware is keylogged, nobody’s ever using the local console anyway. But it’ll tell you if a tech at the datacentre opened the case, and they can’t backdoor the OS during a planned hardware maintenance.

Same with kiosk machines: you can deface the hardware all you want, the machine’s still not gonna let you order a free sandwich. If you buy one off eBay you can bypass secure boot and wipe it and use it, but it won’t let you sneak a USB on it while nobody’s watching and attack the network or anything like that.

But yes, for most consumers it’s a bit less useful and often exploited in anti-consumer ways.

It’s mostly for use cases where you can lose physical access to the computer like overnight at the office, at a hotel while travelling, in a shared server room, etc. It’s extra assurance that the computer runs the software you expect it to run and nothing else without at least being somewhat noisy about it.

This can in turn be used to use the TPM to get a disk encryption key, so you can do full disk encryption but still boot to a normal login screen without entering a password. It will only hand out the key with the correct signed boot chain.

If you have a desktop PC at home that nobody untrusted touches, then yeah there isn’t that much value to it for you.

If we deleted everything written by insufficiently pure developers, we wouldn’t have a Linux desktop. Especially if we count the ones that were smart enough to not bring up anything political in public.

Not a fan of DHH, but then you delete Rails then there’s no GitHub, GitLab, Mastodon, and many many other things given how popular Rails is, and that’s just that one guy.

If you include all the sketchy stuff that happens in the supply chain mining the minerals, processing, assembly all the way up to the final computer product, you just can’t morally justify supporting any manufacturer either.

This really doesn’t do anything useful other than feeling good to not support one of those guys. If anything it just adds extra political drama that feeds into a much bigger worldwide division problem.

Because fear and hypocrisy, and pretending we’re somehow special as humans. It’s okay for us to copy this style, and replicate this drum set, and sample these sounds. We’re okay torrenting stuff because screw the big rich studios. We’re okay buying knockoff stuff because it’s cheaper.

We only care because it’s started crushing small creators struggling to make a living, and AI can gobble up training data faster than any human reasonably can in a lifetime.

Intellectual property has always been broken, AI just exposes the problem more clearly. It’s always been a double-standard.

At this point China doesn’t need propaganda, they just let the chinese users look at the US user’s misery by themselves and sit back.

When Rednote was first flooded by the first wave of TikTok refugees, the chinese users were baffled just how much worse it was than their propaganda said. Which is probably why they just let it go and didn’t immediately shut it down.

Rednote is pretty different vibes, I’m on it but not nearly as much as TikTok. It’s pretty interesting for what it is but it’s not a replacement and it’s not competing to be a replacement either.

I would guess they’ll probably move to Bytedance’s other app, Lemon8, or probably Skylight Social as Bluesky is generally pretty popular with the particular part of TikTok I’m on, so everyone already have ATproto accounts and follows.

No, I would simply give them a box of condoms or whatever.

If they’re gonna do it, they’re gonna do it, and as a parent, you’re way better off with your kids comfortable not hiding it because if there’s complications you can intervene quickly. If the condom broke, you want the kid to come to you so you can get plan B and not have to deal with an abortion a couple weeks or even months later. It’s also way better they get caught doing it at home vs in a car and now be on the sex offender registry.

What you’re describing is abstinance and is common in religious families, and well know for being ineffective. Plus as you’ve described, it completely falls apart when bisexuality is involved, and it makes even less sense if it’s physically impossible to even get pregnant.

The same extends to alcohol, drugs, porn, whatever evil vice people are worried. If your kid’s gonna do drugs, you want them to feel comfortable calling you if they have a bad trip, and also feel comfortable giving you the drugs so you can get them to the hospital and they can quickly identify what you’re on and give the necessary medications.

They’re gonna learn about all that eventually, better they learn it from you. Punishment and “you’ll understand when you’re grown up” doesn’t work. If they’re old enough to ask, they’re old enough for the answers too.

This is why when an app pops up that permission dialog, you always say no. The number of permissions Meta apps ask immediately upon startup is a red flag on its own.

Can’t collect and upload what it doesn’t have.

That seems like a good way to get vendors to start only shipping firmware updaters that only runs on Windows again.

I don’t think I’ve ever updated a BIOS from any operating system, always flashed via the BIOS itself. Most can flash the BIOS without even a CPU installed these days.

It’s a good idea to validate the information before being outraged at it.

If that works, something with the PipeWire state might be weird. Tried deleting pipewire/wireplumber in ~/.local/state followed by a reboot (or restarting pipewire and wireplumber). That should reset it.

Aside from the other answers, no you can’t offload computations to memory. Memory stores data, it doesn’t compute.

The only way having more memory can possibly improve performance, is by having a cached copy of files so they don’t have to be fetched from disk, and applications potentially caching the results of heavy but reusable computations. (Unless you run out of memory and starts spilling over to disk, then more memory will make it fast again by avoiding swapping).

I mean I guess technically yes you could transcode into H264 into a tmpfs mount, and then play the H264, but you’re still not doing it faster and certainly not fast enough to watch in real time, you’re just decoding the AV1 well in advance before actually watching it.

Nope. Even Qualcomm themselves provide what’s needed to run Linux on the Windows for ARM PCs.

The only one I can’t find for sure is whether there’s any lockdown on the firmware for the Microsoft Surface and Copilot+ laptops, but I’m also not finding any sources pointing that it would be. But at this point you’re buying Microsoft hardware, what do you expect.

It has nothing to do with ACPI whatsoever. And firmwares this broken are the exception not the rule.

That’s bullshit. ARM is an architecture and by itself does not specify secure boot any more than x86 does. Raspberry Pis don’t have secure boot. You can unlock the bootloader on a Pixel, install GrapheneOS, and relock the bootloader just fine. Several other manufacturers allow bootloader unlocks no problem. The main reason you can’t on some popular phones is US carriers, even international Samsungs you can unlock the bootloader and flash whatever you want on it.

I’m literally typing this comment on a phone running a custom OS (LineageOS on a OnePlus 8T). I’m literally 2 versions of Android ahead of the latest supported version. I also have a Galaxy S7 running Android 15, a phone that officially tops out at Android 8 and launched with Android 6. Both you literally just toggle the bootloader unlock option in the settings, no hacks no craziness, it’s literally a feature.

At this point you’re just straight up making shit up.

That’s the whole point of enrolling your own keys in the firmware. You can even wipe the Microsoft keys if you want. You do that from the firmware setup, or within any OS while secure boot is off (such as sbctl on Linux).

That’s a feature that is explicitly part of the spec. The expectation is you password protect the BIOS to make sure unauthorized users can’t just wipe your keys. But also most importantly that’s all measured by the TPM so the OS knows the boot chain is bad and can bail, and the TPM also won’t unwrap BitLocker/LUKS keys either.

Secure boot is to prevent unauthorized tampering of the boot chain. It doesn’t enforce that the computer will only ever boot Microsoft-approved software, that’s a massive liability for an antitrust lawsuit.

As commenters on the LWN thread said, I doubt that many firmwares even bother to check anyway. My motherboard happens to have had a bug where you can corrupt the RTC and end up in 2031 if you overclock it wrong. I didn’t use secure boot then though so I don’t know if it would have still booted Windows. But I imagine it would.

That said, I’ve always just enrolled my own keys. I know some other distros that make you enroll their keys as well like Bazzite. At least that way you don’t depend on Microsoft’s keys and shim or anything, clean proper secure boot straight into UKI.

The main issue you’ll run into is nicher proprietary software being hard to install, but that’s what containers are for. The main one I see is if you need to install some proprietary VPN client it gets annoying, but since you’ll be running a VM anyway you can do some network trickery. My work’s antivirus only works on Ubuntu and RHEL, proprietary kernel modules so it’s got to be at least one of those kernels.

Linux is Linux, nothing’s impossible to solve even with Bazzite’s immutability. Worst comes to worst you make your own images and it’s not that hard, you basically just fork it on GitHub and let the CI do its thing.

But do you have time to fiddle to make it work and take the risk, or do you want to play it safe? How confident are you with Bazzite’s more advanced topics?

Ubuntu 7.10 so late 2007, but I guess the nerd part came when I installed Arch in 2011. Still running that very same install.

My own personal example: https://www.reddit.com/r/linux4noobs/s/8FM1ZvXi68

It just doesn’t look great nor serious nor welcoming.