Just curious, why aren’t you vegan if you consider it morally bankrupt to be complicit in the meat industry?

Bear in mind, with this liberal interpretation, any time you access a website, that is also consuming someone’s labor and if you don’t have a subscription to it, it is unpaid.

Ah, gotcha, I was thinking more in terms of software attacks than hardware, and that some vulnerability would come up at some point for them to get root access, at which point I think they’d be able to get the key one way or another. I’d imagine it also depends on how locked down the system can be based on the nature of their duties; arbitrary internet access makes shipping it off somewhere a bit easier. Another consideration would be that the drive could also be imaged, and if the key were ever recovered at a later date through whatever method/mistake/etc. the entirety of the data could be recovered.

But, yeah, definitely agree that that’s all moving well outside the bounds of disgruntled/opportunistic employee and more into the persistent adversary realm.

Fundamentally, once someone has some of the data, they have that data, and you can make no guarantees to remove it. The main question you need to ask is whether or not you’re okay with limiting it to the data they’ve already seen, and what level of technical expertise they need to have to keep the data.

Making some assumptions for what’s acceptable as a possibility, and how much you want to invest, I’d recommend having the data on a network-mapped share, and put a daily enforced quota for their access to it. Any data they accessed (presumably as part of their normal duties) is their’s, and is “gone.” But if you remove their access, they can’t get any new data they didn’t touch before, and if they were to try and hoover up all the data at some point to copy it off, they’d hit their quota and lose access for a bit (and potentially send you an alert as well). This wouldn’t prevent them from slowly sucking out the data day after day.

If they only need to touch a small fraction of the customer data, and particularly if the sensitivity of the data goes down over time (data from a year ago is less sensitive than data from a day ago) this might be a decent solution. If they need to touch a large portion of the data, this isn’t as useful.

Edit: another nice bit is that you could log on the network share (at your location) which of the customer data they’re accessing and when. If you ever want to audit, and see them accessing things they don’t need, you can take action.

I think the next best solution is the VDI one, where you run a compute at your location, and they have to remote into it. If they screen capture, they’ll still save off whatever data they access, and if they have poor, or inconsistent, connection up your network it’ll affect their ability to do their job (and depending how far away they are it might just be super annoying dealing with the lag). On top of that, it’s dependent on how locked-down they need to be to do their job. If they need general Internet access, they could always attempt to upload the data somewhere else for them to pull it. If your corporate network has monitoring to catch that, you might be okay, but otherwise I think it’s a lot of downside with a fairly easy way to circumvent.

I’m not the most up to speed on TPM’s, but does it have the capability to directly do network access in order to pull the key? Otherwise, you’re going to need the regular OS to get it to the TPM somehow, in which case that’s the weak link to pull the key instead of ripping it from the TPM itself.

And once they have the key once, how do you enforce them having to re-request it? Is there a reason that that point they couldn’t just unplug from the Internet (if even necessary) and copy the entirety of that drive/partition somewhere else?

I’m continually shocked by how often I learn of some structural systemic issue, pull the thread to see where it started and- oh, surprise, it was once again Reagan.

And corkscrew genitals

Oh shit, I’m sorry. I misunderstood what you were saying, I thought you were referring to them purchasing and running their own physical server hardware as opposed to running their servers off of a cloud platform.

That’s kinda a weird take, since the private server model was the only model until 10 years ago or so. Companies definitely know it. It’s just not financially efficient comparing to benefiting from economies of scale with hosting. Plus you don’t lose a ton of money or piss of players if you over or under estimate how popular the game will be.

Had they gone with private servers here, they would have lost even more money than they already have. The problem here is they spent too much money on a game no one wanted to play, chasing a fad that ended before it launched.

Microsoft has fired two employees who organized an unauthorized vigil at the company’s headquarters

But they contended that Thursday’s event was similar to other Microsoft-sanctioned employee giving campaigns

Seems like employer approval is an important piece.

But I think the most interesting part of the article is

Nasr said his firing was disclosed on social media by the watchdog group Stop Antisemitism more than an hour before he received the call from Microsoft. The group didn’t immediately respond Friday to a request for comment on how it learned about the firing.

One note on “sick” being slang for “good”: that particular slang started in the 80s, and some of the younger generation consider it to be old person slang.

I’d say it’s not just misleading but incorrect if it says “integer” but it’s actually floats.

Yeah, at least the Elden Ring has, don’t think I’ve seen the others

I actually looked into this, part of the explanation is that in the 80s, Sweden entered a public/private partnership to subsidize the purchase of home computers, which otherwise would have been prohibitively expensive. This helped create a relatively wide local consumer base for software entertainment as well as have a jump start on computer literacy and software development.

Also made the switch not too long ago, only using Manjaro. Steam’s proton had gotten extremely good at playing Windows games, so there’s a good chance that it could run your old strategy game.

You might already have this on your set-up, but having wine auto-launch for Windows executables has been fantastic. I regularly pull and run Windows executables without really giving it a second thought, and so far it’s generally “just worked.”

🫡

I think it’s used more often in computer science, but the difference between contiguous and continuous. Continuous means “without end” and contiguous means “without break.”

See also, defenestration trilogy

Gas-filler. There’s a couple states in the US where you aren’t allowed to pump your own gas, someone else has to do it for you, and you’re expected to then tip them.

The job is essentially getting me to pay to be inconvenienced. I’d prefer to pay to let me pump my own gas.

Exclusives are anti consumer