I root my devices manually.

I'd rather unlock the bootloader myself (Nexus/OnePlus) and install the su binary I downloaded directly from ChainFire than run some utility written by someone whose reputation I don't know. I also download the su binary directly - not off of a fileshare or forum post. I don't take any chances when I'm gaining root to a machine.

I plan to disable all of these through group policy before win10 goes on any of my machines. I don't want to miss any or fat finger my way past one. My question is is this possible with a w2k8r2 active directory? I obviously won't find the win10-specific group policies on my DC's. If i install RSAT in my win8 machine (once released), will that work? Anyone tried this yet? Thanks!

I second this recommendation. I use OpenVPN for this purpose as well. You can either configure each individual client at location A to connect to your OpenVPN network or you can set it up on the router at location A (assuming you can OpenWRT/DD-WRT,etc firmware on it).

This doesn't pass the smell test. 20Gbps seems way too fast for wireless when wired (or fibered) 10Gpbs switch ports and NICs are so expensive. For example, this 10Gbps NIC is over $400: http://www.newegg.com/Product/...

    I must be missing something here...

Google Maps is the killer for me. If I could find a replacement I would consider CyanogenMod without gapps. What alternative maps program do you use?

Not understanding the concept of a file / filesystem is more common than I thought. My sister had a flash drive (with all of her autocad drawings for school) that got corrupted. After failing to recover it, I asked why she didn't back it up. She said her Macbook didn't have autocad so she couldn't save the files to it. She now knows the difference. :-)

I've seen a lot of posts in this thread about how people have massively hosed a system while logged in directly as root. I'd be curious to know exactly what command(s) caused the issue. I'm guessing some variant of rm or dd. How would sudo have prevented it? I log in as root directly when I know I need to do something that requires it. My root shell colors the prompt red as a reminder. I log out when I'm done. I think at the end of the day, not hosing up your system is best prevented by constant awareness when you're logged in as root or running something as root. You could just as easily trash your box with a mis-typed sudo command.

This is why I run Debian. I don't have time to troubleshoot my laptop and my server every time I update them. That being said, I'm kind of biased since I'm a Linux sysadmin for a factory. :-)

And thanks to everyone who does run Arch and posts their solutions on the Arch wiki. It's extremely helpful.

I've actually been thinking of setting something like this up. I want to load my own key into UEFI and sign the bootloader with it. I already use LUKS. Any recommended how-to's?

I updated Firefox on my windows machine and the Windows firewall dialog popped up and asked me to allow Firefox. I declined it. but WTF?! Why would a browser need to open up ports? This seems like quite a security risk. Anyone else seen this?

They should be sending out images via flashdrive (since most machines don't have optical drives anymore). Once a box is compromised the OS cannot be trusted again. And they should send them for free. This is a huge breach of trust.

I used to be a big fan of Lenovo's Thinkpads but the quality (and keyboard) has gone downhill in recent models. Preinstalling malware is the final deal-breaker (The TFS says it was to consumer-grade machines, but doing this is a serious breach of trust).

Does anyone recommend a good enterprise-grade laptop? Something like the T400 but with a Haswell chip?

cat | ./post-to-slashdot END_OF_RANT

Can the bootloader be unlocked? It seems that any non-nexus devices can only be rooted through running some sort of security exploit against the running OS, which only gets you control over that OS and doesn't let you easily load a new OS.

I'd like to see a device where not only the bootloader is unlocked, but it lets you set your own signing key, re-lock it, and then only boot images you sign. I know this will not be the case for mainstream devices, but I hope there will be a market for such devices among the geek crowd.

END_OF_RANT

I have upgraded a few of my firefox installations (all with heavily customized profiles) and the tabs default to "Classic" mode. It looks like they disable the ads by default for existing installations.

It may be a while before the hardware becomes available, but thinking ahead even further, wouldn't it be awesome if you could replace a DIMM or a CPU without shutting down the machine? For really critical servers, this might be a good option to have at some point. It would be quite a challenge to implement something like this since the CPU and memory are so integral to the machine but it doesn't mean it can't be done.