freenode/#sicl - IRC Chatlog
Search
10:21:42
jackdaniel
I'm sure that hardware companies with roots in USA are very trustworthy, they even have a national agance that ensures the security ;)
10:22:27
jackdaniel
(not to mention that they in fact manufacture in China - another country with high moral standards when it comes to transparency)
10:23:36
beach
ebrasca: I doubt it. There is a bit that tells whether the processor is in supervisor mode. Apparently, it is enough to hook up a capacitor to it. Then it can be enabled by a certain sequence of instructions.
10:26:00
beach
ebrasca: Friendly advice: You should work on your English. It is easy to take people less seriously of they make lots of mistakes.
10:32:06
ebrasca
beach: I am interested in this part "A conforming implementation is free to accommodate other file system features in its pathname representation and provides a parser that can process such specifications in namestrings.".
11:07:58
frodef
The Spectre attack is quite interesting from a runtime perspective. Also the implied focus on indirect branch speed/optimization.
11:12:31
beach
By "from a runtime perspective", do you mean "from the perspective of designing a `runtime' for some language implementation"? Or just "runtime" in general?
11:21:28
pjb
I thought that most problems related to Spectre were that they thought that more money was to be made from extortion and blackmailing (along with slicing spies in two), than by honest capitalist means.
11:31:22
frodef
from a security standpoint, it reveals a flaw in the idea that one can really isolate code by the semi-virtual machine that is "userspace".
11:32:32
frodef
...although this even appears in pure javascript as soon as one isn't very careful about the primitives being made available.
11:34:16
frodef
(the existence of javascript "worker threads" yields high-resolition timers that can be used to extract secret information.)
11:36:10
heisig
My preferred approach to security is to know the developers that wrote my software, to a degree that I could locate them and hit them with a stick.
11:36:31
jackdaniel
OK, then here it goes (sorry heisig!) -- just add arbitrary delays to each operation, i.e (1+ heisig) ; that is 25 nanoseconds
11:36:33
pjb
well, when you see all the side channels that can be exploited for data exfiltration even in air-gapped computers...
11:39:30
pjb
Look at that for example: https://www.securityweek.com/ram-generated-wi-fi-signals-allow-data-exfiltration-air-gapped-systems
11:44:29
frodef
pjb: That seems like a force that could be used for good: Implement wifi without wifi hardware :)
11:59:22
pjb
frodef: theorically. But in practice, there's energy management problems. It's good when you have receiver hardware that can detect low power (RAM level) wifi…
12:00:47
pjb
The thing in this use case, is to be able to transmit data even weakly, using any (limited) resource at hand, but it doesn't restrict the resources you can use to listen to it. You can have a truck of instruments in the road near the building…
12:01:38
frodef
pjb: so you can have a special device in your pocket, run your "special program" on location, and have everything downloading without plugging in a pendrive or anything. Or a truck outside..
15:51:25
splittist
Oh no - I have McClim working on my (Windows) development machine (from Docker)! There goes any chance of progress...
15:57:41
jackdaniel
"[and] it is derived from the Ancient Greek words 'chronos' and 'phage', meaning 'time-eater'.", nice