Since the birdisite is still full of crazies going on about the conspiracies behind AMDFLAWS I'll put something interesting here… Ben Laurie asked me for my opinion on CHERIE which I had been quietly following as the extension of Capsicum:
"Capability Hardware Enhanced RISC Instructions (CHERI)"
If you have never heard of it I warmly recommend a visit - they even run BSD :) (CheriBSD, https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/cheribsd.html_
Somehow I get the feeling that fretting over the latest bugs from vendors x, y and z on the birdsite is just such a big waste of time. I think I have to remove the remove the app from my mobile again.
For those wondering about amdflaws.com: to me it looks like a ploy to make money, see:
I've entered #rain-psc in the 2018 Hackaday prize. I don't expect to take the grand prize (competition isn't really my thing) but if I can place it will go a long way to funding my work (which is most necessary to make the jump to RISC-V).
If you have a few minutes, check it out and give it a "skull" :)
A relevant organization (#hardware):
The Free and Open Source Silicon Foundation
"#FOSSi Foundationis a non-profit foundation with the mission to promote and assist free and open digital hardware designs and their related ecosystems. FOSSi Foundation operates as an open, inclusive, vendor-independent group."
I wonder how hard it would be to design a board around SiFive's U540 (https://www.sifive.com/products/risc-v-core-ip/u54-mc/) that is compatible with the SOPINE module (https://www.pine64.org/?page_id=1491)?
Basically I need to sink some time into getting good enough at EDA tools to design SODIMM-scale electronics (or find someone to colab with 😅 )
This is great: my city was part of an eVoting test run for the past two votes and the percentage of people who voted electronically went *down* from 21% to 16% even though voter participation was higher this time! I take it as a sign that people are skeptical of eVoting. \@/
Here is a step-by-step tutorial on how to install and use Genode‘s Sculpt OS:
PDF is availalable here:
Note: It’s early days so expect some rough edges. It will progress quickly over the course of the year, see Genode‘s roadmap for 2018:
If it’s true that somebody nuked their server via the web “vuln” then it’s an even further testament to the sad state of affairs. Yes, the fuckup on Trustico’s part is colossal but whatever happened to “do no harm”?
Trustico, the ”Hold my beer” of certificate issuers.
Maybe tomorrow we learn that the CEO is actually a Machine Learning model...
Totally forgot to toot this: Genode release 18.02 is out which brings the Sculpt scenario and this Genode for desktop systems, at least for the early adopters ;)
If you want to get a better idea what Sculpt and Genode are check out this FOSDEM 2018 talk by Norman Feske (one of the founders of Genode):
Oh and it also contains the update of Muen to v0.9 :)
Can anyone point me to a PCIe -> RAM adapter?
/me wants to setup a 32Gb RAM disk via a PCIe adapter
That *should* help a bit with this shit
I guess it’s that time of the year where we collectively ask ourselves: why is my software stack trusting over 1k CAs? How likely is it, that the trust is warranted even if we assume all the certificate processing code is flawless?
So get this: the CEO of a Certificate Authority, which control the lock icon of your browser, sent >20k private keys via email, unencrypted. How hard can you show your incompetence and make clear that you had no place running that business in the first place?!?