Jarkko Sakkinen
Posts
4987Following
329Followers
494OpenPGP: 3AB05486C7752FE1
@AAKL @arstechnica @dangoodin To add, most of then I've seen PXE in practical use has been a lab space in hardware company in a network that is already closed from rest of the company network. This is not to say that would not be other uses for this too but yeah...
1
0
0
@AAKL @arstechnica @dangoodin
This is how you market your infosec company :-)
Not disregarding the vulnerability but you would need:
1. Access to local network.
2. PXE enabled in BIOS (I mean UEFI).
Practical exploiting scenarios are very limited so not loosing my sleep at night for this :-) I neither do not believe that TianoCore developrs are "scrambling" because of this...
This is how you market your infosec company :-)
Not disregarding the vulnerability but you would need:
1. Access to local network.
2. PXE enabled in BIOS (I mean UEFI).
Practical exploiting scenarios are very limited so not loosing my sleep at night for this :-) I neither do not believe that TianoCore developrs are "scrambling" because of this...
2
0
0
Jarkko Sakkinen
repeated
repeated
Linus Torvalds
torvaldsStaycation: day five.
Power still off, but outside is warming up. So now it’s a big ice rink outside with people playing bumper cars with the real things.
Not interested in partaking in that particular contact sport, and as a result I’m still not leaving the house even if the worry about frozen pipes is fading.
Instead trying to see how far I can get on the remaining merge window pulls on just battery power. Not very far I bet, but at least something.
PGE claims power back tonight. Of course, they did that yesterday too…
14
33
210
@roger_booth @polarity with their hardware designs I think the project is doing good for audio industry because their work can cut some of the R&D costs for small businesses and (crowd funded) startups alike. So I definitely would want support such good work for the community.
edit: oops s/hard/hardware/ :-)
edit: oops s/hard/hardware/ :-)
0
0
1
Jarkko Sakkinen
jarkko
I met the original creator of #RTIC last week and what they're doing felt exciting. It is AFAIK the leading hard real-time solution for #Rust. I'm thinking that could something similar as #Jailhouse (a partitioning #hypervisor) be used to provide environment inside Linux to run workloads for something like RTIC . #rustlang
0
0
0
Jarkko Sakkinen
jarkko
@wamserma JavaScript has this crippled number presentation where number is either 32-bit signed int or a double depending on operation applied.
So they added https://developer.arm.com/documentation/dui0801/h/A64-Floating-point-Instructions/FJCVTZS
:-)
So they added https://developer.arm.com/documentation/dui0801/h/A64-Floating-point-Instructions/FJCVTZS
:-)
1
0
0
@polarity @roger_booth i prefer this over phoscyon and abl303 because it does not have e.g. sequencer, yet another delay and stuff like that which is not that useful...
1
0
0
Jarkko Sakkinen
jarkko
@roger_booth @polarity i could support midilab but do not see any link to make a donation.
1
0
0
Jarkko Sakkinen
jarkko
Edited 1 year ago
To this day even tho I've contributed #Intel #SGX support to the kernel, I don't know how to check the chain as an end user.
E.g. Signal claims to use Intel SGX. How do I verify that for my benefit? There really should be some sort of universal standard for attestation of SGX/TDX/SNP workloads.
I mean the workload itself can be with a proprietary technology but attestation should be standardised. With that we could perhaps have something like certification chain that goes from data center up to the web browser.
I think confidential computing today is broken because of this and for most somewhat useless, expect in the white papers speaking about military grade security and all that :-) The hardware is expensive, attestation is broken and even the terminology is broken. In normal crypto-terminology confidentiality does not guarantee integrity. Better name would be thus trusted computing and somewhat easier to put into your mouth too. I've hated that term since I first heard about it.
E.g. Signal claims to use Intel SGX. How do I verify that for my benefit? There really should be some sort of universal standard for attestation of SGX/TDX/SNP workloads.
I mean the workload itself can be with a proprietary technology but attestation should be standardised. With that we could perhaps have something like certification chain that goes from data center up to the web browser.
I think confidential computing today is broken because of this and for most somewhat useless, expect in the white papers speaking about military grade security and all that :-) The hardware is expensive, attestation is broken and even the terminology is broken. In normal crypto-terminology confidentiality does not guarantee integrity. Better name would be thus trusted computing and somewhat easier to put into your mouth too. I've hated that term since I first heard about it.
2
0
0
Jarkko Sakkinen
jarkko
Edited 1 year ago
Another thing learned from local #rustlang meet up. There is one really useful sounding application for #Rust #embedded #USB stack: #firmware updates from web browser.
Some audio hardware uses #WebMIDI for this but this would widen the scope.
I'm not sure tho how the access would be provided to the device if the USB stack was compiled in wasm.
Some audio hardware uses #WebMIDI for this but this would widen the scope.
I'm not sure tho how the access would be provided to the device if the USB stack was compiled in wasm.
0
0
1
I was actually surprised how crappy the thing is in the standard ATM but obviously it will get fixed at some point.
Another thing I learned is that ARMv8 has special opcodes for JavaScript :D Fixing a horrible programming language with hardware features is pretty interesting.
Another thing I learned is that ARMv8 has special opcodes for JavaScript :D Fixing a horrible programming language with hardware features is pretty interesting.
1
0
0
@troglobit it took me about a week even to find a form to write anything to the customer service :-) well hidden feature.
1
0
0
@troglobit amazon goes kafka way with the algorithm...
1
0
1
Jarkko Sakkinen
repeated
repeated
The Last Psion | Alex
thelastpsion@bitbang.socialSide note: The article in that last toot is by the Castle Game Engine project, a game engine entirely in #ObjectPascal.
At first glance, their docs look to be very clearly written and approachable.
Also, they're written in #AsciiDoc, stored in a Git repo and turned into a static site. And you all know I love me a bit of AsciiDoc.
Thumbs up from me!
0
1
1
Jarkko Sakkinen
jarkko
I learned over the weekend (I was at a local #rustlang meetup) that interrupt controller caps #riscv for competing with #ARM on real-time tasks. I also learned about #CLIC. Just wondering are there any other extensions making waves or is CLIC where the world is converging.
More information:
https://ieeexplore.ieee.org/document/9660345
More information:
https://ieeexplore.ieee.org/document/9660345
2
0
1
Jarkko Sakkinen
jarkko
@troglobit thanks for the compassion, i'm not even pissed for some reason because the situation is so ridiculous :D cannot honestly believe this
1
0
0