Unpopular opinion regarding the whole Linux boot, randomness and blocking discussion:

Continuing operation without blocking when there’s not enough entropy is bad because one may generate weak cryptographic keys. However, I think the basis for Linus’ argument is right when he says that people regard this behavior (blocking boot) as broken.

Blocking is a usability issue and that almost always trumps security. The underlying problem is scarce entropy which should have been solved long ago...

Guess we now have fuzzers preempting CVE embargos: CVE-2019-14821 embargo got lifted because syzkaller (Linux syscall fuzzer) found and reported the same KVM bug.

lkml.org/lkml/2019/9/17/133

Kensan boosted

as every ~6 months, I set up a small router (PC Engines APU) for our upcoming MirageOS retreat in Marrakesh... using MirageOS services where applicable: DNS, DHCP, CalDAV... \o/ -- this time with reasonable monitoring (influx + grafana) so others can enjoy and play with this in Marrakesh.. the router being our infrastructure also means the root password is empty, and everybody is invited to improve (or mess around)... I also plan to document that setup this time for real ;)

The conference was SpISA 2019: Workshop on Instruction Set Architecture Specification. The program had some very interesting talks so if this is your cup of tea, keep an eye out for slides becoming available.
Unfortunately there were no recordings apparently.

cl.cam.ac.uk/~jrh13/spisa19.ht

According to a talk at given by an Intel employee, Intel is working on a machine readable specification. This would be huge since it would provide an unambiguous and consistent specification of the x86 ISA. That’s the dream anyway ;)

Birdsite link: twitter.com/kensan42/status/11

Made my first poll on the birdsite. Obviously, I only ask easy questions about uncontroversial topics... 🤦‍♂️ .

twitter.com/kensan42/status/11

Kensan boosted

@Kensan @jessfraz Matrosov & Gazet's EC work is wonderful and reiterates the need to treat our machines as a network of mutually untrusting devices that happen to be on the same board together.

Read @qrs take on several Blackhat 2019 talks. Especially “Breaking Through Another Side” sounds interesting.

trmm.net/BH2019

(h/t @jessfraz from birdsite)

Kensan boosted

I just need ONE MORE #cccamp2019 ticket to make sure everyone in my Mexican squad who can go to camp makes it there.

Please retoot or let me know what I need to do to incentivize folks.

Kensan boosted

enjoyed this critical mass bike ride today in berlin quite a lot... 40km with 5000 people... :D i really like the organisational structure (none, more-or-less consensus based where to go at every crossing); and the police being very nice and polite (this used to be quite different some 10ish years ago - where they used their batons against us)... highly recommend, every last friday in your town :D -- go and make a difference by showing that streets do not solely belong to cars :D

Kensan boosted

what I forgot to mention: the next retreat is end of September (23rd-29th). It helps a _lot_ if you sign up (early!), and actually pay and attend ;) retreat.mirage.io for more information!

Kensan boosted

anyone aware of a "the last 40 years of TCP/IP vulnerabilities"? would love to read such a pdf (already manually went through the TCP advisories for FreeBSD since 2000)

Kensan boosted

@LaF0rge @Kensan if you prefer a pdf (and complete sentences), there's a free download at dl.acm.org/citation.cfm?id=114 :)

Kensan boosted

$ solo5-hvt --net:service=tap0 --net:management=tap10 -- network.hvt --ipv4=10.0.42.2/24 --management-ipv4=192.168.0.2/24
...
2019-07-10 17:06:14 -00:00: INF [application] service new tcp connection from IP 10.0.42.1 on port 10142
2019-07-10 17:06:15 -00:00: INF [application] service read: 8 bytes:
adsads
2019-07-10 17:06:35 -00:00: INF [application] management new tcp connection from IP 192.168.0.1 on port 63638

we now have multiple network device support in solo5 and \o/ :D :D

Kensan boosted

after some cleaning up (of @haesbaert awa-ssh) for a more up-to-date opam packaged world, I started to work on a ssh client implementation... before I fell asleep it was ~150 lines of code and already doing RSA key authentication.. let's see whether it's easy enough to open some channels and communicate as well ;)

Kensan boosted

1986: Chernobyl and Northern Italy 

Had a most enjoyable time at Säntis Systems Summit with many interesting discussions! Learned about RISC-V, Return of the One-Time Pad and many other interesting things.
It was nice to meet up with friends and at the same time meet new people. What a great group of people together on top of Säntis!

Birdsite links:
twitter.com/kensan42/status/11
twitter.com/avsm/status/113954
