Ohh that’s true, I didn’t think about that. It would be difficult to route anything through it unless you were connected directly to it with nothing in-between because no other router would forward packets destined for somewhere else to my machine (except maybe in the extremely unlikely case of source routing?). It seems obvious now lol, thank you!

I’ll write some firewall rules just in case

I see. Our motherboards have different chipsets (I have an X570 in mine). It probably has nothing to do with my issue…

Hoping those kernel parameters fix it. I wish I could help further. PCs are just a bottomless, mostly undocumented rabbithole :(

What motherboard do you have? Also what happens exactly when the lock-ups happen? Have you ever been playing audio when the lock-ups happen and does it loop or stop or keep playing?

I recently had to “fix” (workaround) a similar issue in the OpenBSD kernel with a specific hardware peripheral on my PC (running a 2nd-gen Ryzen), the High Definition Audio controller. For whatever reason (and only when I was running OpenBSD) interrupts from the HDA controller (to let the CPU know to refill audio buffers) would just randomly stop making it to the CPU and audio would loop for a few seconds and then shut off. I spent a long time trying to figure out what causes it and reading Linux driver code but I couldn’t find a cause or why only OpenBSD would trigger it. I ended up having to write kind of a hacky polling mode into the HDA driver. My only guess is some of these AMD-chipset-having motherboards have faulty interrupt controllers.

Maybe there is a similar issue with your system and timer interrupts aren’t making it to your CPU or something. But I’m not really an expert on PC architecture and idek if it even works like that on PCs lol

Sorry for so many questions but do you also have any kernel logs available from when this happens?

I simply do both

It’s not working

There are some purpose-built ARM Linux laptops available but as an owner of an unused Pinebook Pro… can’t recommend

Walking the path of a PC hater is not easy

Xorg? Wayland? You have bespoke protocols just for windowed graphics? I’m happy with my /dev/draw and /dev/wsys/*

Unix is a zombie OS that should probably die

deleted by creator

I’ll believe it when we dismantle the nukes, class society, and fossil fuel industry. A better world is possible but only if we fight for it.

Cygwin is great too! You can have a fully POSIX-compliant environment on Windows, no virtualization or anything needed. You can even distribute programs to other Windows users linked to their POSIX compatibility layer library.

NTFS file locking is pain

Well Linux is using rdrand in place of the fTPM one so … from firmware to hardware.

That depends on your distribution’s setting of the CONFIG_RANDOM_TRUST_CPU compile-time configuration option and the random.trust_cpu sysctl setting. I’m not sure what the major distributions are doing with that at the moment.

Then again even if you generate random numbers using pure software, is your CPU or firmware FOSS and without bugs (cough … Debian OpenSSL maintainers, cough …)? If not, and you assume you can’t trust the firmware and hardware - all your random numbers are belong to us.

Like you said, it is impossible to be completely safe. But using proprietary cryptographic hardware/firmware, the inner workings of which are known only to Intel, introduces a lot of risk. Especially when we know the NSA spends hundreds of millions of dollars on bribing companies to introduce backdoors into their products. At least when it’s an open source cryptographic library they have to go to great lengths to create subtle bugs or broken algorithms that no one notices.

Our CPUs are certainly backdoored too, beyond RDRAND. But it’s way more complicated to compromise any arbitrary cryptographic algorithm running on the CPU with a backdoor than making a flawed hardware RNG. Any individual operation making up a cryptographic algorithm can be verified to have executed properly according to the specification of the instruction set. It would be very obvious, for example, if XORing two 0s produced a 1, that something is very wrong. So a backdoor like this would have to only activate in very specific circumstances and it would be very obvious, limiting its use to specific targets. But a black box that produces random numbers is very, very difficult to verify.

Ultimately, the real solution is the dissolution of the American security state and the computer monopolies.

If I’m fucked, they’re fucked.

Not if they’re the only ones who know about the backdoors.

Edit: I started writing that before your edit about the “Ken Thompson hack”. An element of any good backdoor would include obfuscation of its existence, of course. The issue is it is impossible to predict every possible permutation of operations that would result in discovery of the backdoor and account for them. Maybe if you had a sentient AI dynamically rewriting its own code… anyway, backdoors in tooling like compilers is very concerning. But I’m not too concerned about a Ken Thompson type attack there just because of how widely they’re used, how many different environments they run in, and how scrutinized the outputted code is.

👁 Imagine using any commercial firmware/hardware RNGs.

I like Alpine Linux. You could also try OpenBSD if you want a Unix that just works without as much struggle. NetBSD and FreeBSD are also around and have Linux binary compatibility.