I have long advocated for disabling the TPM in BIOS and UEFI-booting raw dm-crypt to even get GRUB, much less init. This is also how I have done encrypted disks in the cloud, using dropbear SSH as an initramfs shim for key/passphrase entry. A BIOS boot password is annoying but required. Watch your access/auth logs. Run a HIDS. Isolate your procs and especially their network comms. Security is an onion; not that most C-suites have any idea these days, blinded by fast talkers.
Set up in-house via imaging, then control once a VPN is established via CAC tooling. I've run all-Linux laptop fleets this way before, so it does work, but I have some ideas for improvement. PXE is a weak protocol in the stack, for example.
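The dropbear-in-initramfs remote unlock mentioned above, as an added example that is not code from the original comments: a script that stages a hardened dropbear-initramfs configuration for a dm-crypt root on Debian's layout, rendering into a scratch directory so it can be reviewed before being copied to /. The paths assume Debian bookworm's dropbear-initramfs package (older releases used /etc/dropbear-initramfs/config); the hostname, 203.0.113.x addresses, interface name and public key are constructed placeholders; cryptroot-unlock is the unlock helper shipped by Debian's cryptsetup-initramfs.

```shell
#!/bin/sh
# Added example: stage a hardened dropbear-initramfs configuration for
# remote unlock of a dm-crypt root. Debian bookworm file layout assumed;
# hostname, addresses, interface and key below are constructed placeholders.
set -eu

# Render into a staging tree; copy to / only after reviewing it.
STAGE="${STAGE:-$(mktemp -d)}"

# Listener options for the pre-boot dropbear:
#   -I 180   drop idle sessions after 180 s (nothing should linger pre-boot)
#   -j -k    disable local and remote port forwarding (unlock shell only)
#   -p 2222  distinct port from the real sshd, so host-key mismatch warnings
#            do not train admins to click through them
#   -s       no password logins; authorized_keys only
#   -c ...   force the unlock helper as the only command
dropbear_options() {
    echo '-I 180 -j -k -p 2222 -s -c cryptroot-unlock'
}

# Restrict the key itself too: a stolen unlock key then gets the passphrase
# prompt and nothing else (no pty, no forwarding, forced command).
render_authorized_key() {
    # $1 = public key line
    printf 'no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty,command="cryptroot-unlock" %s\n' "$1"
}

# Static network for the initramfs, which must bring the NIC up before the
# encrypted root exists. Kernel format:
#   ip=<client>:<server>:<gateway>:<netmask>:<hostname>:<device>:<autoconf>
render_ip_param() {
    # $1=addr $2=gateway $3=netmask $4=hostname $5=interface
    printf 'ip=%s::%s:%s:%s:%s:off\n' "$1" "$2" "$3" "$4" "$5"
}

stage_config() {
    mkdir -p "$STAGE/etc/dropbear/initramfs" "$STAGE/etc/default/grub.d"

    printf 'DROPBEAR_OPTIONS="%s"\n' "$(dropbear_options)" \
        > "$STAGE/etc/dropbear/initramfs/dropbear.conf"

    # Constructed placeholder key; replace with the real unlock key.
    render_authorized_key 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYONLYEXAMPLEKEYONLYEXAMPLEKEY unlock@admin' \
        > "$STAGE/etc/dropbear/initramfs/authorized_keys"
    chmod 600 "$STAGE/etc/dropbear/initramfs/authorized_keys"

    # grub.d snippets are sourced by update-grub, so $GRUB_CMDLINE_LINUX
    # is left for grub to expand, not expanded here.
    printf 'GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX %s"\n' \
        "$(render_ip_param 203.0.113.10 203.0.113.1 255.255.255.0 vault eth0)" \
        > "$STAGE/etc/default/grub.d/initramfs-net.cfg"

    echo "$STAGE"
}

# After copying the staged tree to /:  update-initramfs -u && update-grub
# Unlock from the admin box:           ssh -p 2222 root@203.0.113.10
# (the forced command runs cryptroot-unlock, which feeds the passphrase
# to the waiting cryptsetup prompt)
```

One caveat the unlock flow needs: the dropbear host key lives in the initramfs on the unencrypted /boot, so anyone who can write to that partition can swap it and harvest the passphrase. Pin the initramfs host key in a dedicated known_hosts entry on the admin box and treat any fingerprint change as an incident, not a nuisance.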
I have a good story about this: my first time really working with a great scientist, we were taking genetics papers and turning them into code for improving analysis. I spent two days writing a Perl script before I finally got frustrated enough to ask for help.
The first question he asked was, "Did you email the author(s)?" I said I hadn't and didn't want to bother this seemingly very important scientist. He told me nonsense, that most of them don't mind responding, but he warned me to be terse and to the point. I emailed the gentleman, told him what I was doing and my issues, and asked him for some guidance. He sent me back a one-line awk script that did everything all that Perl was failing to do!
Of course, all that proves is that I'm horrible at Perl, but it was an important moment in my life that showed me that even very smart and important people are still just people, that just asking is often a great way to learn new things yourself, and that sometimes you just need to step back and reconsider what tools you are using. I am forever grateful that an awesome geneticist who needed help bootstrapping tech infra took the time to teach me, a greybeard sysadmin type, practical, reproducible science, from paper to implementation. I learned a lot, but the biggest downside is that, after being heavily surrounded by scientists in the workplace in most jobs since then, I find companies without that difficult to work for.