social.kernel.org

one aspect in security, which has been wrong even in some of the linux foundations pages from time to time is that they differentiate answers between "incorrect password" and "acount does not exist". this should be obviously opaque.

it allows to query which sites user has an account, which is useful information in wrong hands already.

#infosec #oracle

Jarkko Sakkinen

jarkko

20 days ago

when it comes to infosec i'm glad at least that the "era of silly security questions" is over.

it was super-frustating to copy-paste set-and-forget one-time pad answers to questions such as "what was your mothers maiden name", when they were still a thing.

i don't know who invented them but the person should get some kind of worst invention of IT ever award or something.

#infosec #password

Jarkko Sakkinen

jarkko

20 days ago

Next thing I'll add to tpm2sh is direct support for keyctl syscall and key re-creation in kernel. After that I can revisit asymmetric keys kernel patch set :-)

Jarkko Sakkinen

jarkko

20 days ago

Reply to @Foxboron@chaos.social

@Foxboron I recently migrated from shim to sbctl based secure boot. Now I'm thinking why I did not do this before :-)

Jarkko Sakkinen

jarkko

20 days ago

Edited 20 days ago

for what is worth here's arch installation running for my Ryzen 9950X desktop :-)

https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/sysdarch.git/

Just though to upload it somewhere for backup.

It has secure boot (sbctl), TPM2 unlock, and finally EXT4, which is probably a twist from current standards (but is so convenient given universal support everywhere).

Jarkko Sakkinen

jarkko

20 days ago

rust learning of today: to avoid integer overflows when summing up lengths, always use checked_add in such situations :-)

E.g., this is wrong:

    let total_body_len =
        handle_area_size + parameter_area_size_field_len + param_area_size + sessions_len;

And this is right:

    let total_body_len = handle_area_size
        .checked_add(parameter_area_size_field_len)
        .and_then(|len| len.checked_add(param_area_size))
        .and_then(|len| len.checked_add(sessions_len))
        .ok_or(TpmProtocolError::IntegerTooLarge)?;

#rustlang

Jarkko Sakkinen

jarkko

20 days ago

Reply to @tess@mastodon.social

@tess Actually bullet two is the key of learning and understanding software and becoming a upstream contributor in most of major open source projects :-) You improve the system patch at a time until you understand why it works the way it does.

Thus, 180 degrees disagreement on bullet 2.

Jarkko Sakkinen

repeated

Marko Karppinen

karppinen@mastodon.online

21 days ago

Heh, Amazon's satellite internet service launched yesterday and their first marketing angle is “how about you get your AWS Direct Connect over satellite instead of paying for cross connects”
https://www.aboutamazon.com/news/amazon-leo/amazon-leo-satellite-internet-ultra-pro

Jarkko Sakkinen

repeated

Randahl Fink

randahl@mastodon.social

21 days ago

Here is my Ukraine peace proposal:

1. Putin is sent to The Hague.
2. Russian soldiers leave Ukraine including Crimea.
3. Russia returns all kidnapped Ukrainian children.
4. Russia releases all Ukrainian prisoners.
5. Russia pays damages for everything their war has destroyed.
6. Russia pays damages to Ukrainian families who have lost family members.
7. Russia pays damages to every person who has been tortured, abducted or otherwise criminally mistreated.
8. Ukraine becomes a member of the EU.

Jarkko Sakkinen

jarkko

21 days ago

the main problem with confidential computing is and will be that it is not hacker enabled ecosystem.

or it's as hacker enabled as IBM mainframes.

i.e., there is no such thing as distruptive innovation.

it might be commercially viable story for companies that produce the hardware to other big companies but it is still a sad story ;-)

and you do not own the hardware EVEN if you buy it because it's locked in to the CPU companies CA.

Jarkko Sakkinen

jarkko

23 days ago

This screenshot shows strong evidence of:

1. OpenSSL cross-compatibility.
2. tpm2-tools cross-compatibility.
3. Linux kernel compatibility (as in trusted keys and in future also asymmetric keys).

#linux #kernel #tpm #rustlang

Jarkko Sakkinen

jarkko

24 days ago

in kernel testing i've moved from qemu to "libvirt + qemu" :-) why i haven't done this before...

Jarkko Sakkinen

jarkko

24 days ago

Reply to @jarkko

0.15.21

Show older

About social.kernel.org

Terms of service

Please do not use this service in violation of the Linux Kernel Code of Conduct. Doing so will result in your account suspension with the referral of the matter to the CoC committee.
"Repeating"/"boosting" someone else's status on this platform will be treated as endorsement and will fall under rule #1.
You are encouraged to use this platform to promote your work on the Linux Kernel, but there is no restriction on permitted topics (with the exception of anything covered by #1 above).
There is no requirement to post in English, but it should be considered the primary language of communication on this platform.

Privacy notice

The admins of this service have access to all posted statuses. They aren't looking, but if it's something they shouldn't know about, then you should not post it on this platform.

Please see the Linux Foundation Privacy Policy, which applies to this platform as well.

Getting your own account

If you would like an account on this instance, please check that the following applies to you:

You are listed in MAINTAINERS or CREDITS
OR: You have a kernel.org account or email address
OR: You have a long and established history of involvement with the Linux Kernel

If the above is true and you agree with the Terms of Service and Privacy Notice listed above, please use these instructions to request an account:

How to request an account on social.kernel.org