Sure. If anyone is willing to put in that effort; I'm not going to audit all that code.
Does Deepin have its own package sources? B/c if so, you also have you audit all of the third-party packages for trojans, too.
I was going off what you said:
my threat model involves someone trying to physically unlock my device
This doesn't sound to me as if you're concerned about espionage - repeated, covert, root access to your computer, for the purpose of installing software to capture your keys, so that they can steal your computer and have complete access. If someone has remote root access to your computer, you're fucked, TPM or not; they'll just read what they want whenever you're logged in and using your computer.
TPM is for when you might not have secured physical access to your computer. Like, you're worried the NSA is going to sneak into your house while you're out shopping, pull your HD, replace the boot loader, and re-install it before you get home.
If you're only worried about, say, losing a laptop, or a search & seizure at your house, an encrypted HD is good enough. TPM and a keylocked BIOS are belts-and-suspenders, but if they want to get at the data they'll just pull the HD and run code-breaking software on it on and entirely different super-computer. TPM won't help you at all in that case.
Honestly, TPM is for a specific threat mode, which is much more like ongoing espionage, than simple opportunity theft. Your stated use case sounds more like the latter than the former.
They were expecting tens of thousands (40,000 by one count) - which was the estimate hyped by the protest organizers. They got a few thousands ("more than 2,000"). The police were probably over-prepared, less threatened, and therefore less reactionary. It seems like the protesters behaved themselves pretty well, although that's not always a guarantee against police brutality.
Better off Ted was great. The studio gave it a chance, even renewing a second season despite consistently poor ratings.
I don't know why it flopped. It certainly wasn't due to the usual corporate malfeasance, like what happened to Firefly. Maybe it was just timing; I'm honestly surprised that broadcast TV is still lurching along, with the pressure from streaming services.
There's a bot that just reposts X posts to Lemmy; so much, it is essentially just spam.
Thank god for the ability to block accounts and communities.
Man, you're just like Jill Stein!
Humans can turn nearly anything into a weapon, no argument; even a bicycle has offensive capability. I don't think it's being pedantic to claim that the intent being the design is significant in this case.
I read somewhere (Memory Alpha?) that the Defiant was Starfleet's first pure-play warship, the first starship that whose primary purpose was as an offensive attack craft. Whether or not that's true, the TARDIS' offensive capabilities are clearly just side-effects, like the ability to use a wrench as a club. A wrench makes a good club, but that's not what it was designed or intended for.
Mine is 3-pronged:
/root change, plus one nightly /home snapshot. but it's pretty demanding on disk space, and doesn't handle drive failure; so I also doThe only "restore entire system b/c of screwing up the OS" is #1. I could - and probably should, make a whole disk snapshot to a backup drive via #2, but I'm waiting until bcachefs is more mature, then I'll migrate to that, for the interesting replication options it allows which would make real-time disk replication to slow USB drives practical; I'd only need to snapshot /efi after kernel upgrades, and if I had that set up and a spare NVME on hand, I could probably be back up and running within a half hour.
K, so I'm probably oversimplifying, but almost all distros should allow you to at least encrypt /home, and although I haven't tried it myself yet, whole-disk encryption via UEFI is possible. You say your threat model is only someone trying to unlock your device, but it sounds as if you're not worried about espionage - someone gaining access to your computer and replacing the /efi boot process with something that will harvest your password when you log in. If all you're worried about is seizure and data protection, why isn't disk encryption sufficient?
If you really feel like you need TPM, Arch supports it, which means other distros do, too. Although, figuring it out for, e.g., Ubuntu of something you'll have to research; the Arch wiki is the most fantastic source of Linux documentation on the web, and much (but not all) of it can help with other distros.
I may be completely misunderstanding what problem you're encountering, but (a) disk encryption is trivial to set up on both Mint and EndeavorOS installers (the two I've used most recently), and (b) TPM certainly seems possible from the Arch wiki.
The Tardis doesn't have phasers or photon torpedoes, either. The Tardis has no offensive capabilities at all, whereas the Defiant is an offensive capability.
The difference is that laws in China require companies doing business in China provide the Chinese government with means to access all data crossing Chinese borders or involving persons of interest. You can read the DSL of China yourself; and consider that nearly every executive of any significant Chinese company also holds an office of some sort in the Chinese government, there are a vast number of Chinese nationals who are considered "persons of interest" to the national security of China and therefore fall under the DSL purview.
Any company building or selling software in China has to provide the Chinese government with access to data collected in China, or outside of China if it involves persons of interest for national security. Like I said, find the DSL and read it yourself, or read an InfoSec analysis of it from a company you trust - you don't have to take my word for it.
This immediately puts Chinese software into a different category of risk than non-Chinese software. Of course, the US could twist arms to get companies to put backdoors in software. But it's a false equivalency to say that they're the same. When the US does it, they have to do it covertly, and there's always the risk of a leak. When Chinese companies do it, they're doing it because Chinese data laws require them to.
This is very true; that's just plain Capitalism, and the government takes advantage of that through simply asking for the data.
It's a great reason to never use MS or Apple software.
I'm stuck on Android, which is no better, at least until someone sells a phone that is reasonably usable as a reliably daily driver. So, I assume everything going through my phone is surveilled. It's the price I pay for not wanting to limit myself to a dumb phone; a minimalist phone that will allowed me to use a P2P encrypted chat client would be sufficient; I'd even accept Signal, although I'm not a fan. But phones like the Light Phone are just too dumb, and none provide any sort of encrypted chat. Linux based phones (or, a phone-oriented Linux distro) are almost there, though, and I'm ready to jump when one gets a decent review.