op is creeped out not by science, but by the possibility of per-building analysis

I think their point is about mandating in construction code to have per-house wastewater analysis devices

its funny how the up and down votes are almost in sync for all comments.

let me clarify for everyone: email is not needed for a selfhosted setup, and shouldn’t be. I am in doubt that the majority of selfhosters run mail servers.

I think there’s some linux command to query the installed keys, but here I have only found the command for listing all the installed mok keys: https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot

I can boot into Windows through the BIOS using only the MS-signed bootloader instead of GRUB or any chain loader, and Windows itself considers Secure Boot to be enabled successfully.

I assume that’s because your motherboard still has the microsoft keys installed besides the MOK keys, and it verified the bootloader with that. thats why it accepts the ms signed bootloader. as I know not all motherboards allow removing it, and there are a few buggy ones that get hard bricked if you do that.

Microsoft provides SB shims for some linux distributions, so it wouldn’t mean locking out all linux players.

right, you can look at it that way too. but what the consumers see (and feel) is that the game tells what kind of software you can have, even when that is not related to the game. and that’s what’s not usual.

this is less obvious on windows, because it’s not that common to be modified by users in a way that matters here, as the checks are kind of loose, but on android it’s quite different, and windows is likely to get the same treatment, which is the reason why valve is pouring so much money into linux

these games only accept the secure boot setup where the root key is that of microsoft’s. that means that you either need windows with a pre-approved configuration in some regards (notable difference: any foss kernel drivers are nono because they won’t ever be signed) or a linux system for which microsoft gives a secureboot shim with whatever further restrictions.

the consequences are more obvious if you look at android as an example. It’s not called secure boot there, but android verified boot, and the turning off of it is called “bootloader unlocking”. very few phones support installing your own signing keys so you can’t take advantage of it with a bloatless android distribution. but even on phones that do, there are many apps that require a locked bootloader with the factory keys, including banking apps, nfc payment apps, government apps (including those that are required to access the online government account), entertainment apps with strict DRM, …

its like you are intentionally trying to misunderstand what they are saying, good work at it. Obviously, they didn’t deem SB and TPM unusual, but the types of software (entertainment industry products) demanding it while the software of the security industry does not.

but it’s not a pointless requirement or some grand conspiracy to make people buy new hardware.

consumers won’t benefit from this functionality, but many industries will in the foreseeable future

start going down the technical path with Linux to extend the life further.

linux won’t fix this kind of shit, because this is about an arbitrary limitation of wanting to lock the owner out of their own system. these malware companies won’t ever recognize a free linux setup as “verified”

TPM is enterprise functionality, useless for most consumers. useful for locking down control ower hardware against “unathorized personnel”

Secure Boot is not enough for these malware. They want SB rooted in MS keys. You using a Machine Owner Key? Too bad, go away! they say

all they want is get more control over your hardware, and less of it for you

who said they do?

the tpm does not add any security whatsoever for windows 11, and secure boot is being used to lock your control out of your own system. secure boot enabled with machine owner keys wouldn’t be enough either for these games

everyone else will use this crap, and dumb people will be happy

bad librewolf, shame on them for not paying the tax

Tailscale is wireguard with automatic configuration. OPs problem will remain: it needs an app

set up a tailscale client on their networks, and set up a reverse proxy on it for your services. then you can just point these tvs to the local proxy

high speed, stable, reliable internet also needs those holes, so that’s not really a problem. sure, today it’s better to build the house so that there are tubes in the walls for the cables

wow, how did you find out?

that warning was not at all prominent, and as others have said, t does not exist anymore on modern android