Kensan boosted

@theruran @stman In 2014 we gave a presentation at the (inaugural) High Integrity Software. While the topic was Muen SK, we also talked about the security of complex software using SLOC as an approximation. It becomes evident quite quickly, that event with the big caveats (very low defect rate, not all bugs are security relevant, page 6) writing secure software in the 10s of thousands of SLOC range is very hard to do.

Kensan boosted

it has been 8 years since heartbleed, and 7 years since The Linux Foundation began their experiment in ensuring OpenSSL maintenance was properly funded so that they had the correct incentives to properly manage their project in a responsible way.

Show thread
Kensan boosted
Kensan boosted

@yomimono Also, there’s the CEO of Coinbase, which is a crypto currency exchange, taking to the birdsite to assure everyone that there is no risk of bankruptcy. Strong “nothing to see here” energy.

Wow, this quote from the official NVIDIA announcement regarding upstream approach: „…published source code serves as a reference to help improve the Nouveau driver. Nouveau can leverage the same firmware used by the NVIDIA driver, exposing many GPU functionalities, such as clock management and thermal management, bringing new features to the in-tree Nouveau driver.“

Show thread

For those in disbelief that hell hath frozen over: here’s the source code of NVIDIA‘s opensource GPU driver.

Looks like the *coin fire sale has started rolling. While it would be a moment for „I told you so“, remember that this is going to be bad for so many people that have been scammed/pulled into this :/

Just glad that my regular pestering of my relatives about what a bad idea all of the cryptocurrency pitches are has kept them from buying into the narratives.

So, my ISP Init7 upgraded their POP last night and as of this morning I theoretically have a symmetrical 25 GBit fiber uplink… And yes, it’s the same price (777.- CHF per year).

Does anyone have hardware recommendation for a quiet/fanless firewall that can achieve these speeds? Asking for a friend¹… 😆

¹ @cynicalsecurity

„The CPU Instruction Set Architecture must be extended!“ is the processor equivalent of „The line must go up“. Latest example from Intel: TDX. Good luck reviewing the 104-part Linux Kernel/KVM patch set ¯\_(ツ)_/¯

(/cc @cynicalsecurity)

Seriously, cannot recommend them enough to take your mind of anything and simply enjoy listening to music. They gave an NPR Tiny Desk concert which is also on YT. Even just reading the comments with all the drummer jokes is worth a look/laugh :)

Show thread
Kensan boosted
Kensan boosted

Very first world problem: 25G FTTH (symmetric) 

The Swiss provider Init7 is offering 25G _real_ symmetric FTTH bandwidth to its customers on upgraded exchanges.

For someone who started off with acoustic couplers it is a personal bandwidth I cannot even fathom. The 2Mbps across the Atlantic which JANET had in the early '90s felt "fast".

Now, looking at my home setup there is literally nothing which could cope with more than 1G except the cabling (which I put in) as it uses expensive STP w/ Cat 6a. Nobody seems to complain except for the WiFi which would not be affected in the least by the FTTH upgrade. Indeed, the biggest issue in Swiss apartment buildings like mine is that there are literally as many WiFi networks as there are apartments, the signal bleeds into your neighbours _and_ you also get the signals from the buildings across the road :flan_laugh:

There is also the problem of a firewall. At home the firewall is a simple matter of doing some NAT and blocking ad providers. That's hardly taxing but do that at 25G and it starts getting taxing! This starts getting into the serious hardware realm…

Where I do have a far better infrastructure, i.e. my office, I am stuck with their Copper7 service, i.e. VDSL, which is a very respectable and reliable 300/100 service. As the office is literally 200m from the exchange but "on the wrong side of the road", there is no FTTH infrastructure. Init7 actually fought hard and tried everything to have my building covered but without success.

So, ultimately, I don't even understand why you'd want 25G at home, I find 1G symmetric more than enough and I _work_ with 300/100 including serving the primary PoC||GTFO mirror!

Anyway, I love the idea of the challenge of setting up a real firewall for a 25G symmetric link which is suitable for home (i.e. quiet, cool, etc.). Will be thinking a lot about this.

Kensan boosted

Research on Intel processors 

Back in 2018 Intel and myself had an exchange with the vague idea that I might work for them. Nothing came out of it but, during the process, I wrote up a few research ideas which I was interested in and, I thought, were probably not a bad idea to pursue as part of a security lab at Intel.

Summarising, the ideas were:
* The security of extensions in x86 & amd64
* A different approach to supervisor mode in multi-core CPUs
* Searching for excessive trust in microcode
* Verifiability and reliability in multi-core designs
* Cloud-linked cores
* Themal management & reliability (& security)
* s/Thermal/Power/
* Using on-board peripherals to alter the behaviour of cores
* Exposing the µops as an architecture in itself.

The one-pager with a bit more detail can be downloaded from


Recently rediscovered a band with a peculiar sound that is just wonderful and really enjoyable: Khruangbin. It is one of these bands that create something different with an audience present. Would *love* to see them live! The drummer is just so low-key and on point *chefkiss* However everyone in the band is brilliant and one can feel they just love playing together.
Here’s a YT recording of them playing live:

Kensan boosted

Question to knowledgeable folks: a PC Engines APU2B4 running OPNsense seems to get nowhere near Gbit (~475 Mbit/sec) throughput. Does anybody know what the technical reason that could be the cause of this? Anybody have some insight?

¹ Apparently it is possible to get >900 Mbit with the Linux-based IPFire distro.

Oh my good, Rod Gilbert is at it again! Apparently he’s been working on a sequel to "Monkey Island 2: LeChuck’s Revenge" called “Return to Monkey Island” for the past two years. Also on board are Dave Grossman und composer Michael Land.

Release is sometime in 2022.

Kensan boosted

Between you and me, this is one of the most frustrating things about working at Mozilla. We spend _years_ busting our asses on privacy, agonizing over minimalist, rigorously anonymized telemetry, making sure it's all transparent and safe and has opt-outs, and the internet screams at us for it anyway. And every other tech company out there responds to the years of research it takes to prove they don't give a shit about any of this with "whoops yeah sorry my bad we'll definitely do something".

Show thread
Show older

The original server operated by the Mastodon gGmbH non-profit