Comments by "Edward Cullen" (@edwardcullen1739) on "Louis Rossmann" channel.

  1. Yeah, it's falling down? If it was any nicer, you couldn't afford it!
    90
  2. I've been through the mental transformation that Louis talked about - taking responsibility for myself, believing that there are things about my life I CAN control. I'm not rich, but I am VERY comfortable financially. Yes, the past 5-6 years have been INCREDIBLY painful.
    41
  3.  @ReeseGhost  Be quiet, the grown-ups are talking.
    28
  4.  @rsman23  Grow up.
    24
  5. Yeah, 12-13 was the assumed target audience for me... ... But having worked tech support, I wouldn't limit it to that group 😂
    16
  6. Louis has got me thinking about learning more about electronics... Given that I'm a software guy, this is almost sacrilege 🤣
    15
  7. Yeah, but the point of the licence in NYC isn't too enable people to do business, it's as Louis describes: to stifle competition.
    14
  8. This is why I have 0 respect for anyone who buys - and prominently displays - their Apple product.
    11
  9.  @kamranki  People get the masters they deserve. Once we're living in a Corporatist dystopia, I'll make sure to say "I told you so", before their hit squad comes for me.
    10
  10. For me, it's the frustration that "those in charge" are utterly incompetent, and seem to revel in preventing others from doing anything*... Combined with the knowledge that *so many of these problems have been solved and need little more than a modicum of will to effect.
    10
  11.  @Lostcontroller  It used to be called "Personnel Department". I don't have the faintest idea why it changed. In the UK, the professional HR body is still called CIPD - Chartered Institute of Personnel Development. I guess "personnel" implies that every employee is an individual...
    8
  12. My opinion that Apple is an evil organisation is not adjusted by this story... 😒
    7
  13.  @ExpatZ266  This is a very bad take. There is no such thing as "perfect security"; by your logic, there's no point having any security features on any device. AS WITH ALL SECURITY, it's about raising the bar; making it more difficult to complete a successful attack. This feature targets supply chain attacks, where a hostile actor intercepts hardware and modifies it. Without this feature, an attacker could simply flash the BIOS. With this feature, then must now also replace the CPU. Given that CPUs include their serial number internally, it's easy to verify that the CPU that left the factory is the one that arrived at the customer. Full hardware-to-software chain of trust is the future and there's no way around it - without it, Secure Boot is meaningless, reducing Secure Boot to security theatre...
    7
  14. My bro is an outlier - is smart (has a proper, hard-science degree) and works in HR. His experience of UK is: 1. Businesses often have terrible recruitment processes and systems. 2. Sometimes, it's not the HR/recruitment team failing, but the people doing the actual hiring (managers must interview, otherwise it causes problems down the line...) - he's had managers wait 2-3 weeks to get back to someone to offer an interview, then been all surprised Picachu face when they're "no longer available"... 🤦🏻‍♂️
    6
  15.  @rsman23  Mate, this is about decorum. This video is a serious subject; it's really important discussion and advice. Your comment was puerile and done entirely for your own benefit. It was childish in the extreme. I'm all for trolling, shit-posting and having a laugh, but there's a time and a place and this ain't it. You're simply upset I called you out. Get over yourself; grow up.
    6
  16.  @rsman23  Also, slander is spoken, written words are libel. A statement is only defamatory if it ascribes, as a matter of fact, something which is not true. "Grow up." is an instruction, not a statement of fact, so, de facto, cannot be defamatory. Even if you take the view that it implies something that is defamatory, this is easily countered by the typical usage of the entreatment; it is an expression an individual's opinion that another's behaviour is "childish" or "unbecoming of an adult". Because this is exactly what it is; an expression of my opinion.
    6
  17. You must be new. Welcome! You're in for a real show! 😂
    6
  18. This, so much, this! Realised a long time ago Apple were a bit sus, am now convinced that they truly are evil... Like "people exist to but Apple products", not the other way around...
    5
  19. If you're not failing, you're not trying hard enough...
    4
  20.  @bufordmaddogtannen  Sometimes, not even that! I've had comments blocked from being posted AT ALL! (And no, I'm not the kinda guy who drops n-bombs...)
    4
  21.  @timharbert7145  Your comment is ambiguous. If the ftards are the government, I agree; the "COVID crisis" will "never end". If you're talking about the population in general, then you clearly don't understand the first thing about virology/epidemiology. This virus is now endemic; by definition, it will never go away. It spreads too easily, but it is not deadly enough to "burn itself out" and we know that the vaccine only prevents serious illness, not any infection at all...
    4
  22. Pay 10's $1000s to be told that you're inherently evil and there's nothing you can do about it...
    4
  23.  @samuelmatheson9655  Nah man, more accurate description is "corporations buy corrupt politicians to pass laws favouring them and their evil practices."
    3
  24. The point of this feature is defeat supply chain attacks. If the machine leaves the factory without this feature enabled, you may as well not have it at all. Any way of disabling it defeats the purpose.
    3
  25.  @niyablake  Good point. What people are failing to ask is "Who buys the most Lenovo computers, Consumers or business?" Security is all about weakest link. What's the point in super-secure hardware in the DC if it can be compromised by someone putting a USB stick into the receptionist's computer when they are distracted? Or how secure is your network if the machines used by your admins are compromised? The issue here is that Lenovo is the first to make widespread use of this feature because of who their customers typically are, not that they're using it or that it exists at all. Louis is kinda right, but his lack of experience in security has led to a bad take and proves why security is as god-awful as it is generally; security is trumped by all other considerations. Whether it's Jayz2cents advising people to disable Windows Update 🤦‍♂️ or people misunderstanding a feature that may potentially, one day, maybe, mean buying second-hand parts will be more difficult or expensive, people just don't care about security or other people, they only care about money and themselves. One thing that people just aren't aware of is that this kind of thing is going to be standard sooner, rather than later. There's a good reason for that and it has nothing to do with "vendor lock-in".
    3
  26.  @heron5045  Yeah, but it isn't. It demonstrates a failure in understanding of: 1. The purpose of the feature. 2. How Secure Boot and Bitlocker works. 3. How machines are manage in a corporate/enterprise environment. The purpose is to defeat supply chain attacks. New keys can be loaded into the TPM and Bitlocker has a recovery password system (e.g. to allow a legitimate user to move the drive to another machine in case of hardware failure). A new machine will be re-imaged using a standardised installation source, meaning that Bitlocker would be set up after an attack took place. In practice, this idea would just make the feature pointless.
    3
  27.  @majstealth  Delphi is derived from Pascal. COBOL is one of the "original" programming languages, together with FORTRAN and a few others.
    3
  28.  @wcvp  Was with you, right up until you started dissing the cats. Cats are what the Internet was made for. Now go to your room and think about what you said!
    3
  29. YES!!! I am studying with Nigerians. They've literally just been telling me how corruption is destroying their country!
    3
  30.  @BrutusAlbion  Thanks to Brexit, farm labourers are now being offered as much as £30 an hour. "Mass immigration does not suppress wages." My arse! The EU is a Corporatist cartel, intended to keep the poor, poor. Not that they're replacing the EU workers with African migrants, coming by the boat-load...
    2
  31.  @jeanfrancoisdutremble9022  People's Republic of Canadistan
    2
  32.  @shy8054  No problem, I can see the lack of clarity in what I wrote... The definition of "Capitalism" was created by Socialists (may have been Marx, but I don't remember). The point is, that it strongly emphasises all the bad things, without being fair/accurate about all aspects - it was created expressly for the purpose of saying "Capitalism bad, Socialism good." My point is that the Marxist definition of Capitalism does not match the Adam Smith definition of "the free market". What we live under today isn't the free market either - it's a degenerate form (warned about by Smith...) where corporations effectively control the politicians who are supposed to be keeping them in-check.
    2
  33. "Anyone could have done this." Is what I constantly tell myself and the only way I can't fight it is to remind myself "yes, but nobody did". Only way I keep my imposter syndrome in check...
    2
  34.  @jerrylove865  To build a chain of trust, every component must be verified/verifiable. You'll notice that one aspect of the chipset is full memory encryption. Without this, someone could, at the hardware level, inject code/data into the system. If the CPU is not part of the verification chain, then the security verification can be spoofed or circumvented.
    2
  35. I'm can't wait for them to be available in the UK! Hopefully there will be more options available when they do. I know for CERTAIN that I'm going to buy one in the first wave, regardless and will IMMEDIATELY get an AMD-based system too - even if it's only 6-months later!
    2
  36.  @powerwam024  Takes a big man to (publicly) admit fault. Genuine respect 👍
    2
  37. You mean, "one of the 2 date ordering methods which are logical"? 🤣
    2
  38. Watching another professional losing his shit at someone else's piss-poor work is strangely therapeutic...
    1
  39. On battle at a time 😉
    1
  40. Hah! You're all amateurs! Put a guy on a plane with a suitcase full of disks, because THAT'S how much data you're working with! 😉
    1
  41. This is a great example of strategic thinking. Well done Louis!
    1
  42. Or becomes mayor...
    1
  43. "We're in Albany." 🤣 Says it all.
    1
  44.  @_PatrickO  or just mount it on the underside of the table?
    1
  45.  @QoraxAudio  🤣🤣🤣
    1
  46.  @herbstwerk  !0
    1
  47.  @shy8054  Free market enterprise != Capitalism (straw-man created by Socialists) Free market enterprise != Corporatism (where corporations buy-off the politicians responsible for ensuring the market remains free)
    1
  48. In principle, the French approach of making information available to consumers is good. Let the market decide. If people want to pay $100 less for something that can't be repaired, well that's up to them...
    1
  49.  @esenel92  Meh, there will always be ransomware attacks. Malware could zap the BIOS right now anyway... This is a countermeasure to a specific kind of attack and it doesn't open any new avenues.
    1
  50.  @jerrylove865  Notwithstanding the obvious straw-man argument, you demonstrate a lack of knowledge and understanding of how computer hardware works, the attacks that this technology is intended to defeat and how it is actually implemented. And actually, verifying the keyboard IS important, as there have been recorded instances of people injecting key loggers into the keyboard at a hardware level. But, dafuk do I know? 🤷‍♂️ If you think this doesn't pass the "smell" test, it's because you have zero clue what "good" and "bad" are supposed to smell like. Asking for a circuit diagram is just a loser move. It's a pathetic attempt to "win" an "argument" by demanding something you know cannot be produced. Oh, and this isn't an argument. This is someone who actually knows what they're talking about correcting your misconceptions. Deal with it. I'll repeat: the objective here is to defeat supply chain and firmware-level malware injection attacks by making the operator aware that an attack has taken place and to also make those attacks more difficult. To defeat this implementation, one would need to replace the CPU, which can be detected by manually confirming the CPU serial number (which is hard coded into the CPU). If the the verification hardware is on the board, then it could be defeated by modifying the board, as, ultimately, it would be setting a pin out to high or low. Unless, of course, the CPU does a cryptographic verification of some hardware component... Which would require that the key be included in the CPU... Which is precisely the implementation they have 🤦‍♂️ This implementation, because it verifies the loaded BIOS image cannot be defeated (or would require obscene investment to defeat), because the CPU is doing the verification. Replacing the CPU can be detected by verify the serial number, which is hard-coded into the CPU itself. You would, therefore, need to either modify the CPU or somehow get a new CPU and spoof the serial number. Or, somehow, convince the CPU to load one BIOS image but verify another... Plus, you probably should verify your HDMI cables, because there's no reason it can't contain a transmitter that is mirroring the output... But of course, you knew that already, didn't you? And the reason for memory encryption is to ensure that the contents of memory cannot be modified by anything other than the CPU. A modified board could, theoretically, arbitrarily modify memory contents (say, by overwriting the fixed location at which the BIOS is loaded into memory, AFTER the CPU has done verification...) The bottom line here is that teams of people, who, individually are smarter, better educated and more experienced in defeating hardware-level attacks, than you or I, have put a LOT of time and effort into this design. They neither put in superfluous features, nor left out features that need to be there.
    1
  51.  @jerrylove865  TL;DR version. You are a disingenuous ass who knows nothing about hardware security, but doesn't have the spine to admit it. Do you even know what a supply chain attack is? Do you even know what DMA is and how it has been used to arbitrarily modify memory using an external device? Dude, you've no idea what you're talking about. If the CPU does not do cryptographic verification, then the main board could be modified to fool it, as part of a supply chain attack. And before you ask, no one can tell you how to defeat a security measure that doesn't exist. Not even someone like Luke Jennings.
    1
  52.  @esenel92  This would only be an issue for this feature if you had customised the BIOS code yourself; in the example you give, this feature would have been unaffected, because the backup and "new" BIOS code would be signed by the vendor the CPU is paired to.
    1
  53.  @jerrylove865  Dude, YOU'RE the one who asked for a circuit diagram! You refuse to engage with what I say and are surprised when I call you disingenuous? I'm only responding at your level. I'll say it again, even though you refuse to let it sink in: WHERE the cryptographic verification takes place IS important. This is basic, basic stuff. You are proposing that the main board handle verification and then send a signal to the CPU that everything is okay. This is literally like someone saying they've cleaned the pans so you can start cooking, then you starting to cook without making sure. The pans could be clean, but they might not and whether you notice may be pure luck. With verification happening on the CPU, this is the equivalent of you checking all the pans are clean and refusing to cook if they're not. Or put another way: would you trust a site that claimed everything was kosher, without verifying the server certificate? I went back over your previous arguments, which I have already addressed, but you ignored: this feature can be "defeated" by replacing the CPU, yes, but the fact that the CPU has been replaced is *detectable*, because the vendor keeps a bill of materials of everything that went into the machine, including serial numbers. The point about memory encryption, which you clearly failed to grasp, is that the verification process either checks then loads into RAM or loads into RAM and then checks. The point here is that this is done by being passed through the memory encryption, so there's "no way" an attacker could use a timing attack to subvert the BIOS image once it's loaded into RAM. Again, I don't know what more to say. There isn't just one feature that provides "vendor locking"; there are a suit of features, all added AT THE SAME TIME and when one looks at what they do, it's trivial for even someone like me (who hasn't worked in hardware security for over 5 years) to see how they are complementary and interconnected. This is why I raised full-memory encryption. As to the final paragraph in my previous: as you had already, disingenuously, asked me to produce a circuit diagram, I knew that you would ask me to provide an answer to how I would defeat your hypothetical board-based verification, which we both know would be literally like asking me to tell you how long the imaginary piece of string you're holding is. Finally, I just wanted to check if you knew who Luke Jennings was. If you knew, then you might have something to say, but you clearly didn't, which proves what I suspected by your words: you don't have anything above a very basic level of understanding of security at either the hardware or software level, let alone how they impact each other. Stick to YouTube. Taking your "argument" to serious security researchers would get you laughed out of the room.
    1
  54.  @valdyrgramr  Not familiar with the product line, so will take your word for it, but yeah, completely agree - especially about the switch. Hate to appeal to authority, but I have experience in this. There's deep reasoning behind a lot of this stuff, some of which most people aren't aware of or falls into the "extreme" end of things - things like full-memory encryption. If you're not working in the security space, it won't make sense as a feature.
    1
  55. *is legally REQUIRED to compensate you for it.
    1
  56.  @xpusostomos  I mean, perish the thought, that government should actually give a crap about security 🤷‍♂️
    1
  57. A stopped clock is right twice a day. The EU consumer legislation does have some nice features, but a comfortable slave is still a slave...
    1
  58. Or maybe it's a feature their customers want, so someone can't come along and install a random WiFi card or USB dongle? Seriously, the complete lack of awareness of enterprise security in this comment section is depressing.
    1
  59. NSA plant, you mean?
    1
  60.  @maxlee6676  Yes, it's about incentive structures. Cat companies are optimised toward production of vehicles, so this is what executives prioritise. Or in other words: car mechanics don't contribute to the bottom line as much as selling a new vehicle does.
    1
  61.  @mdberg65  LOL, no, I didn't slam them for a TYPO, I "slammed" them for their childish attitude.
    1
  62.  @ReeseGhost  You pointed out a typo, I fixed it. And? You expect people to always read the sarcasm in text? Pot, kettle, black, much?
    1
  63.  @chrissedwick7748  Hmm... Interesting that you assume I was trying to be funny?
    1
  64.  @chrissedwick7748  Right. Because there's too much childishness in our society. Too many children being allowed to run amok and no adult is prepared to intervene to correct their unacceptable behaviour. But I guess that's just "cringe" or "being an ass". Maybe, I don't care what children think? 🤦‍♂️
    1
  65. The fundamental issue is VAT (sales tax) itself. Like all taxes, it impacts the poorest most; one may be exempt from income tax because you don't earn a lot, but you still need to pay VAT on a LOT of things that are deemed "non-essential". Of course, you see Luis, what you need is an accountant from a multinational firm that can handle all of this for you... for a price... And as for Boris... Get in line mate! He's got us out of the EU, just about, but that's it...
    1
  66. Since when does Visa get to set prices for your business? Moronic.
    1
  67. It probably is illegal...
    1
  68. If you can remove the battery, you can stop them from snooping on you...
    1
  69.  @remigiusznowak7277  🙂 It's almost like you can't "get away" with "just being good at one thing" anymore 😂
    1
  70.  @remigiusznowak7277  That's good. More knowledge is always better 🙂
    1
  71.  @Blue.Diesel  So true - Peter Thiel wrote about this in "Zero to One". Sure, if your product is truly knock-out better than others, you can carve out a share... But better to have a unique product and then build a monopoly 😂
    1
  72.  @jmw1982blue  No princes, only kangs!
    1
  73.  @alisaforster28697  Same. 🙂
    1
  74. Most self-made people do. It's the "professional executives" and those who got buckets of venture capital that give a bad name to the vast, overwhelming majority of small-business owners.
    1
  75.  @MrPir84free  This is the truth. In the UK 25 years ago, regulations would have a "small business exception" most of the time. The EU put a stop to that. All regulations apply to all businesses,, even if it requires specialist skill/knowledge/systems that only a "big business" can afford. Communists don't like free markets, to which I would answer "real Free Markets haven't been tried!"
    1
  76. Good to know you're not, in fact, a saint. 🤣 You're doing good work, keep going!
    1