With enough autism in your overlay configs, sure, but in my environment that leakage is still encrypted. It’s far simpler to just accept leakage and encrypt the OS partition with a key that’s never stored anywhere. If it gets lost, you rebuild the system from PXE (which is fine, because it only takes about 20 minutes and no data we care about exists there). If it’s working correctly, the OS partition is still encrypted and protects any inadvertent data leakage from offline attacks.
Separate persistent data and operating system partitions, ensure that every local network has small PXE servers, VPNed (WireGuard, etc.) to a CDN with your base OS deployment images, that validate images based on CA and checksum before delivering, and give every user the ability to PXE boot and redeploy the non-data partition.
BitLocker keys for the OS partition are irrelevant because nothing of value is stored on the OS partition, and keys for the data partition can be stored and passed via AD after the redeploy. If someone somehow deploys an image that isn’t ours, it won’t have keys to the data partition because it won’t have a trust relationship with AD.
(This is actually what I do at work)
It is slightly different, but in a way that’s worse.
AR uses a transparent overlay over reality perceived through a translucent surface, or at most a small subset of your vision is replaced. Think sunglasses with a screen you can see through, or a small corner of your vision is blocked by a tiny screen.
In Apple’s “spatial computing”, cameras recreate and alter reality; nothing you see is with your own eyes because no part of the display is transparent.
In most modern Linux distributions, you could preconfigure retroarch and whatever else first, then set the filesystem to read-only, while mounting an overlay filesystem on top that is discarded at reboot.
The idea would be that no matter how hard he breaks it, he shouldn’t have root’s password and therefore cannot disable overlayfs.
Look for the overlayroot package in whatever Linux distro you’re most comfortable with.
1a. The last straw for me was when they deprecated car mode entirely and insisted on even more flashy moving elements in the standard player. It became a safety hazard to use.
Can’t combine your own music with cloud music anymore (when Spotify started, you could combine their libraries with your own music if you had something that they didn’t)
No normalization adjustments for songs that are too loud or too quiet
No per-device (or at all iirc?) equalization
Periodic check-in required every (30d last time I used the service) for offline content, meaning if you download stuff to your laptop, don’t touch it for a month, and then go on a plane you don’t have access to your music.
Constant background app openings. App opens itself constantly to track your location, and broadcast to other devices whether or not you’re playing music. Integrated with lots of ad/tracker networks
Quality is terrible. I dunno what it is because apparently I’m not even one of the people that can tell the difference between 128 and 256, but the same song in Plexamp at 320 vs Spotify whatever is night and day, especially on bad car speakers.
I haven’t used the service in years and that’s just off the top of my head why Spotify is terrible.
There are some good ones out there. Where I work, they believe me to be irreplaceable. The truth is that I’m sure there are thousands of competent engineers that could replace me, just not for my salary, and certainly not also willing to move to a small town. They don’t want to pay full market rate for what I do, but they convince me to stay on by letting me work my own hours, full-remote, great vacation and benefits, etc. I’ve been so productive since leaving office work that the entire organization now has remote work policies.
They’ve figured out that it’s cheaper to just make your employees not hate their lives and I’m absolutely here for it.
I don’t think anyone should expect a battery replacement to be free after 10 years, but it shouldn’t cost $100,000.