Seeking Expert Advice for Securing My New Lenovo Laptop

this is just yet another company that flashes Coreboot on laptops made by Clevo.

I've seen like a dozen companies doing the very same, how does Nova differ from System76, Viking Computer, ThinkPenguin and all other "privacy friendly" resellers of Clevo?
Purism at least tries to build their own laptops, not simply resell the Chinese ones.

From that perspective yes...but they are geographically uncorrelated to North American customers, accept crypto as payment, and last time I checked offered more configurability and a lower price than some of the competition. Of course, one can always find a compatible machine (new/used) and perform a DIY install of Coreboot.
 
sorry for the offtopic.

The server machine is DELL EMC R960 with PERC H965i;
I have checked PERC H330 and it definitely does not run Linux, no mentions of it at boot time and nothing looking like Linux in the card's firmware.
however PERC H965i could have Linux inside as it is much more powerful than H330 and built on a different CPU architecture - ARM rather than PowerPC in H330.
please take a screenshot when you reboot this server or any other server with the same card, it will be fun if it really runs Linux.
 
this is just yet another company that flashes Coreboot on laptops made by Clevo.

I've seen like a dozen companies doing the very same, how does Nova differ from System76, Viking Computer, ThinkPenguin and all other "privacy friendly" resellers of Clevo?
Purism at least tries to build their own laptops, not simply resell the Chinese ones.
you say this is who produces the Lenovo computer?
 
secure it against what?

why use a protected drive (I guess that is a container) with VeraCrypt? do full disk encryption.
password protect your BIOS (different password than the one for VeraCrypt).

any antivirus would work, even Windows Defender.
I recommend doing random internet browsing in a virtual machine, or Windows Sandbox.
consider installing Comodo Firewall.

that's about it that you can do.

you can also ask @0xDEADBEEF and @mraleph
It generally helps, if nothing else, to ensure that no one in your immediate circle or other non-technical but curious individuals can find your documents.
 
And in this thread, it's sad to see that there isn't a good summary of how to secure your laptop. It feels like the old saying "too many cooks spoil the broth"... It would have been nice to have a bullet-point list of what you can do to secure your newly purchased computer, whether it's a laptop or a desktop.
 
And in this thread, it's sad to see that there isn't a good summary of how to secure your laptop. It feels like the old saying "too many cooks spoil the broth"... It would have been nice to have a bullet-point list of what you can do to secure your newly purchased computer, whether it's a laptop or a desktop.
secure from what, a random thief? Russian hackers? IRS? other 3-letter guys?
there is no universal solution and each threat requires different countermeasures.
 
secure from what, a random thief? Russian hackers? IRS? other 3-letter guys?
there is no universal solution and each threat requires different countermeasures.

There are no significant conceptual differences between the safety risks among various end user profiles. In all cases, defensive strategy relies on OPSEC and specific mitigation. No magic there - only intelligence thu&¤# and countering it - a little bit of denial and a little bit of deceit.

General risks for any end user profile are loss or theft of a device carrying data and being used for authentication. End user may deploy complex authentication and authorization models or efficient encryption models in order to deny the information to adversary. In order to compensate the effective loss of those data and authentication models, end user should have a backup. No magic here - it's all about layers and depth. And an insurance policy that covers the risks.

Here come the differences after conceptual similarities - a thief that stole or another non-ethical civilian that found a lost device will probably not come to the end user to extract data - they will reset the device, use or sell it. But, the adversary will have an intelligence set with all identity and location information about their person-of-interest/target and will extract the information either thru complex HUMINT and TECHINT operations or a primitive but efficient interrogation. Never use authentication methods based on something you are - if bio-metric authentication is used, time to access protected content is quite short. The optimal for authentication mechanisms is to deploy something you have and something you know - a MFA solution where physical parts of someone's body aren't at mutilation risk :rolleyes: where somebody's brain has less processing power than a washing machine's CPU. Those differences stem from the value of that person-of-interest/target and information it knows/carries/has access to.

I know that there is moderator here writing about binary, but, it may be a simple coincidence - so I'll quote myself

Safety is not a binary value but a multi-dimensional spectrum resulting from a constant protection against plethora of threats and vulnerabilities.

So, everybody should ask critically themselves how important are they before they ask question about how some product or service is secure.

It's not a point that @EliasIT should have accepted to use other O/S. I don't like Microsoft. But it can be re-configured to be decently safe. And I believe that everybody contributed to his aim and needs.

When some laymen - outside of contractual NDA - ask you about what should be used for communication, you can't answer and offer enterprise, government or military solutions.
Ignore the standards - they exist only for the laymen and to compensate their lack of knowledge and abundance of fear.
Above all, civilian population, however educated, still doesn't know of all the risks and threat vectors they are exposed to. And to compensate that, well, is not only a budget problem, but also deployment legitimacy and an acceptance from the client. What they want to protect and should that be even considered for protection.
Like a defense attorney, the client needs to declare the truth to the best of his/her/its knowledge so that we can comprehend the threat and risk model and devise a strategy.

sorry for the offtopic.


I have checked PERC H330 and it definitely does not run Linux, no mentions of it at boot time and nothing looking like Linux in the card's firmware.
however PERC H965i could have Linux inside as it is much more powerful than H330 and built on a different CPU architecture - ARM rather than PowerPC in H330.
please take a screenshot when you reboot this server or any other server with the same card, it will be fun if it really runs Linux.

Happily :rolleyes: we have a PERC failure in one of the server machine's fleet and the defective module needs to be replaced during next business week. I recalled this discussion and a tux, so issued a request to our personnel to make a screen video during new PERC setup ;) hence will post somewhere in future.
 
General risks for any end user profile are loss or theft of a device carrying data and being used for authentication. End user may deploy complex authentication and authorization models or efficient encryption models in order to deny the information to adversary. In order to compensate the effective loss of those data and authentication models, end user should have a backup. No magic here - it's all about layers and depth. And an insurance policy that covers the risks.
Very well explained, simple to follow.