Linux kernel hacker and maintainer etc.

OpenPGP: 3AB05486C7752FE1
And yeah, be skeptical towards people who categorize other people as hobbyists and engineers :-)

Jarkko Sakkinen

Edited 1 year ago
"No Arduino! If you aim to master embedded systems, Arduino won’t cut it. It’s a playground for hobbyists, not the battleground for engineers. The purpose is not to scare you — It’s to help you out. It is to give you a proper direction." -https://medium.com/@umerfarooqai/embedded-engineering-roadmap-say-no-to-arduino-a0eed8e1bf10

Well, that at least scares me. How I think is that one should take the simplest possible tool to get a PoC.

Otherwise, all energy might be consumed in useless and pointless battles. Conserving energy, prioritizing and picking the right battles is what engineers IMHO do.

#arduino #engineer

Jarkko Sakkinen

Last bit from my side for TPM2 asymmetric keys: https://lore.kernel.org/linux-crypto/20240515150213.32491-1-jarkko@kernel.org/T/#u

Now I'll wait for some patches from James Prestwood based on his previous work: https://lore.kernel.org/keyrings/20200518172704.29608-1-prestwoj@gmail.com/


Jarkko Sakkinen

Edited 1 year ago
Pull request 4/4 pulled this time for asymmetric keys :-) https://lkml.org/lkml/2024/5/15/699

My PR's were in chaos about a year ago, and Linus also complained about the quality. This was mostly because the startup I was in went out of business and lots of stuff going on in life overall but I've gradually improved my process to make it more fail-safe. Results start to show and four PR's to four subsystems was a non-issue :-)

In the next life crisis: I'm prepared
@pid_eins tiny embedded, Kernel QA, testing pre-production hardware that is in FPGA (not yet ASIC): the sweet spot is a static multi-call binary. And also sort of like Chrome web browser works :-)

I'd really have to actually try the upstream to get a better picture of what is going on. As said, I only really know what the distro enables for me so I might be totally lost with this.

Also in the higher end of the scale, i.e. latest Xeon and EPYC server hardware, a static multi-call binary would bring a *huge* security benefit: systemd could be bootstrapped as it is inside SGX/TDX/SNP enclave and fully attested, encrypted and integrity protected. It would bring "infrastructure security" to systemd that can protect from many attack vectors due to software bugs.
@kernellogger Rust community will learn one lesson eventually: a pole position must be maintained because there is this thing called "competition" ;-) Rest of the world lives by measured facts. Pretty amazing how great static analysis for plain C has gotten in GCC14. And for plain C it can only get better given that the language spec does not grow constantly.

Jarkko Sakkinen

Edited 1 year ago
@jejb @kernellogger @pid_eins For reference this is how I test upstream: https://gitlab.com/jarkkojs/linux-tpmdd-test. I often branch this locally and then add/remove some stuff but yeah this is the context. Would be counter-productive to add systemd, even if it gave me support for unit-files.

Jarkko Sakkinen

Edited 1 year ago
@jejb @kernellogger @pid_eins Right, to be in phase with what is going on in systemd it would need to replace this multicall binary called "busybox" which is de facto for kernel testing. Otherwise I hear about features when they get enabled in stock distributions (for the most part) :-)

Nothing wrong in systemd but it just doesn't cut it in a fast-paced kernel QA cycle. If there was "microd" that would be a drop-in replacement for busybox, that would work. This is a niche where systemd *does not* dominate. No time to follow every possible thing but as a user I'm happy with it.

Actually it would have benefits over busybox, even if it was somewhat rigged and stripped off. The main issue with busybox is that it cannot obviously re-use unit files from upstream projects. So you need to sometimes launch daemons manually or rewrite init in sysvinit.

A topology of two multicall static binaries would not be outrageous for kernel testing: "microd" doing systemd alike stuff and busybox providing the command-line tools. It would be still pretty trivial to deploy even without a build system.
Edited 1 year ago

Will Google release an ad today that can outcringe Apple's latest?




"i use linux as my operating system," i state proudly to the unkempt, bearded man. he swivels around in his desk chair with a devilish gleam in his eyes, ready to mansplain with extreme precision.
"actually," he says with a grin, "linux is just the kernel. you use GNU+linux."
i don't miss a beat and reply with a smirk, "i use alpine, a distro that doesn't include the GNU coreutils, or any other GNU code. it's linux, but it's not GNU+linux."

the smile quickly drops from the man's face. his body begins convulsing and he foams at the mouth as he drops to the floor with a sickly thud. as he writhes around he screams "I-IT WAS COMPILED WITH GCC! THAT MEANS IT'S STILL GNU!"
coolly, i reply "if windows was compiled with gcc, would that make it GNU?" i interrupt his response with "and work is being made on the kernel to make it more compiler-agnostic. even if you were correct, you won't be for long."

with a sickly wheeze, the last of the man's life is ejected from his body. he lies on the floor, cold and limp. i've womansplained him to death.

@lynnesbian i think this might be the most correct way to describe it: it is ELF/Linux OS 🤷 easy and universal :-)
@lynnesbian or if you draw an image with inkscape, is the image also inkscape? o_O

Who called it “code review” instead of “objection-oriented programming”

@jejb @kernellogger @pid_eins TCG_TPM2_KEY is non-interactive and does not need to be put into .config, callers just select it.

Jarkko Sakkinen

Edited 1 year ago
Time to write a Linux PAM module in Rust for the ethprague conference. Rust over C because it is a much nicer environment to talk to web APIs. And yeah, pam-rs exists. It is about Ethereum network based authentication, details at the con.

Jarkko Sakkinen

Edited 1 year ago
@pid_eins @jejb @kernellogger I did now integration shenanigans and some reorg in kernel code base for James Prestwood (iwd dev). He will write RSA/ECDSA ops for asym keys and test them with iwd. It made sense because iwd is a good test target and he has PoC'd the RSA part before.

The idea is to have a single key crypto primitive API in the main TPM driver (selected with TCG_TPM2_KEY) and all primitives there and none in the subsystems that call TPM. Initially it contains ASN.1 encoder/decoder relocated from trusted keys.

https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/log/?h=tpm2_key

Even if some bits are still missing, I think the topology of this code nice right for a longer period of time, and not such a sprinkled mess like it used to be.
@pid_eins @kernellogger @jejb I paid attention to the state a year ago or similar timeline when I bought that Mac Mini :-) It worked but I did not switch from passphrase because of the bus issue. This closed the scheme enough for me to be ready to fully switch. In that sense it is complete and along the lines of macOS (without requiring vendor lock-in chip).
@jejb @kernellogger true but the basic frames have been set at least and more to come.

like before this there was something in one axe and nothing in the other. now both have something so it is at minimum a complete iteration ;-)