cynicalsecurity ->@bsd.network @cynicalsecurity@mastodon.social

Please note that I have moved to: @cynicalsecurity - this account is seldom read and followers *do not* migrate over, i.e. you have to follow the other account if you are so inclined.

Periodic reminder - I do not monitor this account except sporadically.

Should you be interested in following me please follow:

@cynicalsecurity

Please note that I have moved to: @cynicalsecurity - this account is seldom read and followers *do not* migrate over, i.e. you have to follow the other account if you are so inclined.

Please note that I have moved to: @cynicalsecurity - this account is seldom read and followers *do not* migrate over, i.e. you have to follow the other account if you are so inclined.

Polite notice: I’ve moved, I’m on @cynicalsecurity now.

I just noticed some people are still answering here and I have not seen your messages, sorry :(

And yes, I did set the forward…

I have moved my main account to @cynicalsecurity should you wish to follow me there.

I have already followed, at least I hope, all those I was previously following.

Achtung Bitte: I am going to try to move my account from @cynicalsecurity to @cynicalsecurity…

I don't know if it will work correctly because I am using the web interface and I am one of these "give me my ADM-3A back" people. Bear with me.

For those desiring to take a trip down Folly Lane here's the (marketing) PDF for DIDO (DIrect Data iO, I think):

https://www.intel.com/content/dam/www/public/us/en/documents/white-papers/data-direct-i-o-technology-overview-paper.pdf

I am not sure if I should thank @Kensan and @qrs for introducing me to Intel's DIDO where the NIC speaks directly to the processor's L3 cache.

Now I am even more terrified of Intel processors than I already was.

It is obviously a performance trick taking DMA over PCI to the next level (most likely for Intel NICs which are already integrated on SOCs) but… my God that takes courage to deploy in any secure network design.

Does anyone have experience with the PINE64 SBCs?

https://www.pine64.org/?page_id=46823

They seem to offer Gigabit Ethernet compared to the Raspberry Pi3 or is this purely theoretical? I also note FreeBSD support in 12.0-CURRENT.

On yet another note I have started dumping my brain on paper due to medical reasons. Almost forty years of hacking which might be eventually of interest to someone.

On a completely separate note from CPU shenanigans the amazing news is that I have two (!!) offers for H||GTFO articles, both by beards greyer than mine, and one of the two is DEC VAX hacking, the other stuff which would have been TS/SC not long ago.

So hoping they’ll deliver!

Should we stop and realise that we need data-driven security we would be forced to acknowledge the need for a major redesign.

Personally I’m quite fond of tagged designs but I am also looking elsewhere but always in the direction of securing data throughout the system and, possibly, the network.

The problem will just have been moved elsewhere to the next subsystem which was ignored in the original threat model and in the new amended threat model which is just “old threat model” + “side-channels in OoO execution”.

Because of the marketing-driven rush there will be no comprehensive review of the new threat model which includes a network, multi-tenant VMs, etc. Net result: we are playing whack a’mole with security issues in hardware as we are in software.