• 49 Posts
  • 2.31K Comments
Joined 2 years ago
Cake day: June 18th, 2023

  • Oh, well, if it requires a password, that is pretty much solved. The original commenter made it seem a lot less hands-on.

    I was under the impression that the shim let OSes boot all the way up, and that it was just a standard part of the boot process. I was suggesting instead that the signed binary only lets you add a new key, which you can then use to boot without the shim.

    Doesn’t help when the key expires though.

    Thanks for the additional info, greatly appreciated.


  • Having read up a bit more on mokutil, it seems that it doesn’t enroll the key by itself, but gets the UEFI firmware to prompt the user to add the key at next boot. Which in theory gets around the malware risk, although given how many people auto-click accept, maybe not.

    The other way keys could be securely installed would be for the distros to produce a UEFI “addmykey” binary, with their keys baked into the binary. They then get that signed by the MS key, which would allow that image to boot and set up the key without ever disabling Secure Boot. You wouldn’t need to have a trusted PC either, as if the binary was tampered with, it wouldn’t boot.

    100% agree on the risk profile though, far too many people think they are more important than they really are. Realistically, most of us aren’t worth the effort to individually break into our computers.


  • I personally don’t think MS did it out of maliciousness, more indifference. They wanted the security benefits, and didn’t care what it cost others. But we’ll likely never know what their true intent was.

    I don’t know how the bazzite script does it, but any tool that can be executed from userspace that could add keys could just as easily be abused by malware to add their own signing keys, which completely defeats the purpose. Edit: see princessnorah’s comments below for more details, but it is a lot more hands-on, which prevents malware abusing it.

    In an ideal world, Red Hat, Canonical, SUSE etc. could have gotten their verification keys built into every motherboard, but that still cuts out the Arch/Gentoo/flavour-of-the-month crowd. And it also increases the risk that a signing key gets leaked and abused by malware.

    It’s just not an easy problem to solve.


  • That should exactly fix the problem.

    The real issue is that by default, if Secure Boot is enabled, you won’t be able to boot up into bazzite or whatever in order to run that command.

    So the user experience will be worse now, because instead of just installing and running, Linux users have to disable Secure Boot, boot and install their distro, run that enroll command, and then re-enable Secure Boot. And lots of people are going to give up at step 1, and leave Secure Boot off.
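
Both of the states the two comments above turn on are exposed by the firmware as UEFI variables: whether Secure Boot is enforcing, and whether mokutil has queued a key for the firmware-side prompt at next boot. The script below is an added example, not code from the thread or from the shim/mokutil projects. It reads those variables from an efivars directory passed as an argument (the live one is `/sys/firmware/efi/efivars`), skipping the 4-byte attribute header that efivarfs prepends to every variable. The `SecureBoot` variable GUID is the EFI global variable GUID and the `MokNew` GUID is shim’s MOK GUID; the constructed directory built by `make_fake_efivars` exists only so the functions can be exercised offline.

```shell
#!/bin/sh
# Added example: inspect Secure Boot and pending MOK enrollment state by
# reading UEFI variables directly. Every file under efivars is 4 bytes of
# attribute flags (little-endian uint32) followed by the variable data.
EFI_GLOBAL_GUID="8be4df61-93ca-11d2-aa0d-00e098032b8c"   # EFI_GLOBAL_VARIABLE
SHIM_LOCK_GUID="605dab50-e046-4300-abb6-3dd810dd8b23"    # shim MOK variables

# sb_state DIR: print "enabled", "disabled" or "unsupported".
# SecureBoot holds a single data byte: 1 = enforcing, 0 = off.
sb_state() {
    var="$1/SecureBoot-$EFI_GLOBAL_GUID"
    [ -r "$var" ] || { echo unsupported; return 0; }
    # -j4 skips the attribute header, -N1 reads just the data byte
    byte=$(od -An -tu1 -j4 -N1 "$var" | tr -d ' ')
    case "$byte" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unsupported ;;
    esac
}

# mok_pending DIR: print "pending" if shim will prompt at next boot, else "none".
# MokNew exists only while an enrollment request queued by mokutil is waiting;
# shim clears it after the user accepts or rejects the key in MokManager.
mok_pending() {
    if [ -e "$1/MokNew-$SHIM_LOCK_GUID" ]; then
        echo pending
    else
        echo none
    fi
}

# make_fake_efivars: build a constructed efivars directory for offline use
# (Secure Boot enforcing, one enrollment pending) and print its path.
make_fake_efivars() {
    dir=$(mktemp -d)
    # attributes 0x00000006 (BOOTSERVICE|RUNTIME), then data byte 1
    printf '\006\000\000\000\001' > "$dir/SecureBoot-$EFI_GLOBAL_GUID"
    # attributes 0x00000007 (NV|BS|RT); content is irrelevant to the check
    printf '\007\000\000\000\001' > "$dir/MokNew-$SHIM_LOCK_GUID"
    echo "$dir"
}

# Stand-alone run: read-only report on the live system, if it booted via UEFI.
REAL=/sys/firmware/efi/efivars
if [ -d "$REAL" ]; then
    echo "Secure Boot: $(sb_state "$REAL"); MOK enrollment: $(mok_pending "$REAL")"
fi
```

On a machine that is mid-way through the procedure described in the comment (distro installed, `mokutil --import` run, reboot still outstanding) the report reads `pending`; after the MokManager prompt has been answered the variable is gone and the report returns to `none`, which makes the pair of functions a cheap post-install check that the key actually landed and that Secure Boot was turned back on.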


  • But the more important question is, why can’t we have both replaceable batteries and proper USB-C/desktop mode? The FP5 fit them both in, and then for the 6 they just downgraded it for no real reason.

    If they come out with an FP7 that fixes this, I’ll reconsider then, but right now, I’d rather get another glued-together Samsung and actually have fast USB storage access.



  • FP5 managed to have both, they aren’t mutually exclusive features.

    And battery replacement is a once every 2-5 years event; if I had to pay a professional (or iFixit) every few years that’s fine with me. I replaced the battery in my Samsung S10 with an iFixit kit, it’s really not that hard. It’s not on-the-go swappable, but battery banks exist for that.