It can often improve performance and memory latency and usually only has a minor CPU performance impact as it trades cycles waiting for memory for cycles decompressing memory. It is usually decent even on low power embedded devices.

There are a few edge cases where ZRam is not great. If your data is already compressed or encrypted copying it around in memory is much more expensive. It’s also harder to tell exactly how much data can be loaded into the “free” memory. It’s also a bit slower for serialized memory access in large data sets if the compression ratio is low.

It’s not well explained for sure but judging by the names of the cookies I bet those store the consent (opt in/out) values for the other tracking options. Another way of putting it would be those are functional cookies related to the cookie consent form itself so that you don’t have to re-select consent options every time you visit the site.

From what I’ve read is not authentication bypass, it’s a RCE using certificates to deliver the payload. If a specific signature is found it runs the code that was sent in place of the signing public key. It also means that only someone who has the ability to generate that specific key signature could use the RCE.

There were some other bits that looked like they could have been placed to enable compromising other build systems in the future when they checked for xz support.

If filesystem UUIDs are IP equivalents. Then device paths are MAC addresses. FS labels are DNS. Device mapper entries are service discovery.

The reasoning is that it is not illegal to fake most student ID cards but it is a federal offense to fake or alter government issued ID documents.

That way if it becomes an issue they can just pass it on to the authorities as their problem.

“Invalid” or “unparseable” are more understandable descriptors in normal language. I don’t think I ever heard of garbage/junk being used for that in language theory but it may be domain specific usage.

It can still have issues with potential attacks that would redirect your client to a system outside of the VPN. It would prevent MitM but not complete replacement.

Likely you needed to include the intermediate cert chain. Let’s encrypt sets that up automatically so it’s quite a bit easier to get right.

Initrd contains the systemd binary and enough libraries, services, and kernel modules to get booted this far. The system failed at switch root which is where the real root disk is mounted. Initrd can contain as much or as little as needed to get a working system which can be a lot of you are using a network filesystem as a root for instance.

The plastic and wire twist ties that come on cables would work too.

The expression syntax for the GNU find command is very powerful. I would expect that it is up to the task. If you don’t have the GNU find command with it’s extensions I could see how it’s would be difficult.

If you want an automated system that can protect against ransomware your backups need to be hosted in some way where the backup server has control of the retention and not the client (NAS, local disk, etc are not sufficient). If your NAS supports automated snapshots that can’t be deleted by the backup user it can mostly fill this gap but may need to be checked for how it handles snapshots when the disk fills.

For self-hosted solutions I’ve used BURP, Amanda, and Borg backup in the past but have switched to Proxmox backup server as my VMs all run in Proxmox. You still need to consider full disaster recovery scenarios where both your primary and backup system fail. For this PBS sports both tape and remote server replication.

There are also many cloud solutions that do this automatically. For cloud I would always use them in tandem with some kind of local backup.

For all of these they should have an admin account that has strong protection and doesn’t share credentials with any of the primary systems.

They fail because you can’t trust a machine that an adversary has in their physical possession.

Software running on an untrusted computer can have code and memory injected or modified without modifying the executable files. Binary executable files are by necessity readable and someone with enough time can parse through them to fully deobfuscate and figure out what they are doing. Anti-anti-cheat systems basically perform the same code as the anti-cheat but slightly modify the result to hide the cheating. This can be done either by code swapping in the anti-cheat or at a higher level. If the anti-cheat system is looking at which processes are running then have the system feed it the real list of processes with the cheat processes removed… etc.

Trusted computing requires hardware level monitoring, validated certificates, and zero vulnerabilities since the time the certificate was provisioned. In addition, current technology would also require those base certificates to be regularly rotated and device decertified if it didn’t rotate in time to prevent physical offline hardware attacks on the certificate data. Even game consoles don’t have this level of platform trust and are often physically modified to enable cheating/piracy.

The only successful way to prevent most cheating is to run the simulation entirely server-side and then only send data to each client according to what they should know. Even then you won’t be able to prevent assisted cheating like aim-bots or texture replacements.

You can still enter audit mode and change some registry settings to switch to a local account. Last time I did an 11 install on a device with Wi-Fi it also let me create a local account after trying to continue with a blank password a few times.