“In general, your GOG account and GOG content is not transferable. However, if you can obtain a copy of a court order that specifically entitles someone to your GOG personal account, the digital content attached to it taking into account the EULAs of specific games within it, and that specifically refers to your GOG username or at least email address used to create such an account, we’d do our best to make it happen. We’re willing to handle such a situation and preserve your GOG library—but currently we can only do it with the help of the justice system.”

That’s a very fancy way of saying “we’ll comply with a court order”, which is what any business would do.
This is marketing fluff. DRM free is good enough reason to like them without framing them as fixing literally every problem with steam.

check out is the part where the actual sales transaction occurs. It really is materially different

Like a vending machine? Or the gas station? Or the grocery pickup, where I pay online?
What makes a human being present for me giving my money to a machine different if it’s a grocery store as opposed to one of those?

Sorry your experience sucks. Stores near me regularly have both open and the self checkout is invariably significantly faster. It’s not like I just didn’t notice that something I do several times a week actually sucks.

I’ve never understood the people who seem to not get that some people actually don’t mind scanning their stuff and putting it in bags, and insist that that’s the line between what the customer does and the employee. They also used to carry your groceries to the car for you, and you can also get them to pick everything up, bag it and bring it to your car or house. It’s not like the checkout process is the special part that can’t change.

Yeah, they want to save money by having fewer people get more customers checked out faster. I don’t really care since the part I like, getting finished at the store, happens faster.

Depends on the vendor for the specifics. In general, they don’t protect against an attacker who has gained persistent privileged access to the machine, only against theft.
Since the key either can’t leave the tpm or is useless without it (some tpms have one key that it can never return, and will generate a new key and return it encrypted with it’s internal key. This means you get protection but don’t need to worry about storage on the chip), the attacker needs to remain undetected on the server as long as they want to use it, which is difficult for anyone less sophisticated than an advanced persistent threat.

The Apple system, to its credit, does a degree of user and application validation to use the keys. Generally good for security, but it makes it so if you want to share a key between users you probably won’t be using the secure enclave.

Most of the trust checks end up being the tpm proving itself to the remote service that’s checking the service. For example, when you use your phones biometrics to log into a website, part of that handshake is the tpm on the phone proving that it’s made by a company to a spec validated by the standards to be secure in the way it’s claiming.

Package signing is used to make sure you only get packages from sources you trust.
Every Linux distro does it and it’s why if you add a new source for packages you get asked to accept a key signature.

For a long time, the keys used for signing were just files on disk, and you protected them by protecting the server they were on, but they were technically able to be stolen and used to sign malicious packages.

Some advanced in chip design and cost reductions later, we now have what is often called a “secure enclave”, “trusted platform module”, or a general provider for a non-exportable key.
It’s a little chip that holds or manages a cryptographic key such that it can’t (or is exceptionally difficult) to get the signing key off the chip or extract it, making it nearly impossible to steal the key without actually physically stealing the server, which is much easier to prevent by putting it in a room with doors, and impossible to do without detection, making a forged package vastly less likely.

There are services that exist that provide the infrastructure needed to do this, but they cost money and it takes time and money to build it into your system in a way that’s reliable and doesn’t lock you to a vendor if you ever need to switch for whatever reason.

So I believe this is valve picking up the bill to move archs package infrastructure security up to the top tier.
It was fine before, but that upgrade is expensive for a volunteer and donation based project and cheap for a high profile company that might legitimately be worried about their use of arch on physical hardware increasing the threat interest.

Yeah, it’s definitely faster, but I’m not sure it’s going to make too much of a difference for a Minecraft server.

With setting it up being a bit annoying by hand, I’d still rank the router option higher even if it’s a worse VPN. Otherwise you risk ending up in that yak shaving situation where you’re fighting with routing tables and DNS when you wanted a Minecraft server.

Oh for sure. What I meant was “check router for a built in VPN and use it if it has one, otherwise use wireguard because it’s the easiest”.

The specific VPN doesn’t really matter so much. The built-in one would be the easiest, so checking for a solution that took a few clicks is worth it. :)

I would use something like wireguard, or another VPN service you can host yourself if your router supports it natively.

From the looks of it Minecraft servers seem to have dogshit authentication, so using some form of private network setup is going to be your best move.

There’s literally an approved solution to the problem designed explicitly to solve the problem.

Install a transfer switch so you can disconnect utility power, switch to your generator and people can see the situation at the breaker.

If you don’t have one, you use something called an “extension cord” to run power to your important devices for the duration of the outage.
If you don’t know how to power a few appliances with a generator and some extension cords, you definitely shouldn’t be thinking you can use a dangerous cable that people who do know you should never use in the first place.

Yes, you minimize risk by being prudent and using reasonable and cost effective safety measures.

In a car, that’s things like seatbelts, airbags, and other safety features.

The equivalent for powering your house with a generator is the aforementioned transfer switch.

What you’re doing is saying that driving a car without seatbelts or airbags is perfectly safe, you just need to not get in an accident.

Stop powering your house with a generator plugged in via the dumbest possible cable and just install a fucking transfer switch. They’re not expensive and it keeps you from needlessly endangering people, or even just having a preposterously dangerous cord laying around.

Just because you didn’t get hurt doesn’t mean it wasn’t dangerous.

There’s a reason the people who write the fire and electrical codes say that if you need to do something like that, you need to have a properly installed transfer switch.

Most of them are mediocre. Most burger places were mediocre, and then the American gastropub trend saw burgers being made nice as opposed to diner food or bar food. They could also charge more money because they were making nicer food.

Eventually a bunch of the mediocre places shifted to try to also be nice, but mostly just increased prices, changed decor, and started using the word aioli more than mayo. Oh, and pretzel buns on burgers that got taller without being bigger and are cumbersome to eat.

In the plus side, if you like a Swiss burger with a garlic aioli, a burger with a fried egg on it, or a burger with 2 pieces of bacon, a spicy BBQ sauce, and fried onion strings and you’re in the mood for some fries with bits of peel on them and a garlic Parmesan butter, then you know exactly what they’re going to put in from of you and exactly what it’ll taste like.

Mediocre. Not bad, but definitely not the best you’ve ever had.

Someone near him has recorded it on their phone if he has, and is just walking around numbly aware that they have the Nixon tapes sitting in their pocket.

They’re using tap to pay, and having the stark reminder that they just bought a sandwich with something that could change the election be on the news for 30 minutes because no one expects him not to drop a hard N in casual conversation so it’s not as noteworthy as a woman politician laughing in public.

I wasn’t mocking your argument, I was agreeing with you and clarifying that my feeling was about who I’m most “irritated” with, not about responsibility or legal culpability.

My example was for simplicity, not mockery.
The power going out is the power companies fault, so I’m most mad at them. The store didn’t have a generator because they trusted the power company, so my cake got ruined. I’m still mad at them but less so because they weren’t the cause of the problem, even though they could have done more to prevent this from impacting me.
Culpability wise, I can only make demands of the store and hope that enough other people do so that they in turn demand answers from the power company.

There are actually a fair number of certifications, including ones from government agencies, relating to software development, deployment, and related practices. That so many organizations didn’t have the ones relating to protection from supply chain issues is distressing, to say nothing of it slipping through quality control in the first place.

Please, if you think we’re in a place in this thread where I’d be mocking you, re-read it with the understanding that I agree with you entirely on legal and structural issues, and at most just have a different opinion about where the balance of "fuck you"s go. I think I put more scorn towards the vendor because doing the thing is worse than failing to prevent the thing. Also, I work at a parallel company and so I’m more familiar with exactly how much you have to be fucking up for this to happen because I spent the last three days dealing with the more minor controls that prevent this from happening. Everyone has outages because you can’t prevent 100% of errors, but it’s on the vendor to build to the spec of their most sensitive customer and ensure that outages don’t keep a doctor from patient records.

Can’t fault you for feeling that way. I definitely don’t think anyone should be exempt from responsibility, I meant blame in the more emotional “ugh, you jerk” sense.

If someone can’t fulfill their responsibilities because someone they depended on failed them, they’re still responsible for that failure to me, but I’m not blaming them if that makes any sense.

Power outage or not, the store owes me an ice cream cake and they need to make things even between us, but I’m not upset with them for the power outage.

I’d love to know how you plan to do user mode packet filtering. Keep in mind that on Linux, the designated API is inherently kernel mode. https://netfilter.org/

This isn’t one of the cases where we’re talking about Linux being superior to windows. Any OS will be fucked if you give it a mangled kernel module. In this case, it’s just that only one got one.

Your perception that anything that touches the kernel is an intrinsic security risk is unfounded.

I mean, sure. But typically operating systems don’t expose that type of information to user space, instead providing a kernel interface with user mode configuration.

It’s why they use the same basic approach on mac and Linux.

The kernel is responsible for managing hardware and general low-level system operations. Anything that wants to do those things needs to get itself into kernel mode one way or another.

The typical way you do this is called a “driver” and no one thinks about them as being kernel code. Things like graphics cards and the like.

Things that want to do actions like monitor network traffic or filesystem activity system wide or in a lower level capacity than the normal tools provide also need to be kernel level.
In a security context, that specifically would include things that want to monitor raw packets rather than the parsed content that assumes the packet is well formed in a way that a malicious one might not be.

Cloudstrike does the same thing on Linux, and the typical tools for network management or advanced security are also either compiled in or loadable kernel modules.
It’s easy to forget that ip/ebtables and selinux and friends are kernel level software frequently distributed as kernel modules, in the case of the firewalls, or compiled in with a special framework and not just user mode software.

Also, it’s less about “their” drivers and more about what a kernel module can do.
Saying “there’s no way to know” doesn’t fit, because we do know that a malformed kernel module can destabilize a linux or mac system.

“Malformed file” isn’t a programming defect or something you can fix by having a better API.

Security operations being one of the things that is often best done at the kernel level because of the need to monitor network and file operations in a way you can’t in user mode.