I am not sure if I should thank @Kensan and @qrs for introducing me to Intel's DDIO where the NIC speaks directly to the processor's L3 cache.

Now I am even more terrified of Intel processors than I already was.

It is obviously a performance trick taking DMA over PCI to the next level (most likely for Intel NICs which are already integrated on SOCs) but… my God that takes courage to deploy in any secure network design.

@cynicalsecurity @qrs Before DDIO it was called DCA - Direct Cache Access but supposedly it was not automagically active.

@kurtm @cynicalsecurity @qrs @Kensan RDMA explicitly bypasses security mechanisms. You don't want to use it in an untrusted environment, ever. At least on Ethernet (unlike Firewire) you have to enable it first...

@kurtm @cynicalsecurity @qrs @Kensan Plus, Shany did an awesome talk for a) a con newbie, b) a woman at a tech conference [I shouldn't have to say that, grr] and c) not having English as a first language. Still did a great presentation. And IIRC put in a credible beer-drinking performance at the Royal Oak, too :-).

@athompso @cynicalsecurity @qrs @Kensan I wasn't slighting the speaker in any way. The concept of DMA over ethernet gives me the willies. When I see the concept I mentally see a big "BAD IDEA" stamped across it.

@kurtm @cynicalsecurity @qrs @Kensan I got that. It makes perfect sense in some limited scenarios (DB sharding, across a dedicated, isolated network, comes to mind). At large? No. Nonononono. We agree on that.
