grarpamp:
On Wed, Feb 28, 2018 at 10:43 AM, mick <mbm@rlogin.net> wrote:
On Tue, 27 Feb 2018 14:47:06 -0500 grarpamp <grarpamp@gmail.com> allegedly wrote:
If ovh vps gives root, bypass the fee with: md(4) vnode > geli > mount.
Then again, if the iron isn't dipped in epoxy (not done), in your own secure datacenter (not extant), on trusted #OpenHW (not AMD / Intel / or any other to date), built in trusted #OpenFabs (non extant), running validated #OpenSW (non extant), in a voluntarist libertarian environment free from force, one's use case might be moot.
Gotta love you Grarpamp. :-)
But in the real world we /have/ to trust someone, somewhere, somehow, sometime. What everyone has to decide for themselves is /how much/ trust to give, to whom, when, where and why. And that depends entirely on your threat model and your appetite for risk.
Sorry, but with decades of both plausible and exploited risk extant, with however many million millionaires and significant billionaires, and crowdfunding (further enhanced by the dawn of cryptocurrency and all its new models that can be brought to bear)... there is no rational reason to continue this global head in sand downplay and refusal to get moving and start building #OpenHW in #OpenFabs. The old goalpost of who, where, how, when, and how much open and even explicitly proven trust exists in HW / Fabs simply must start shifting for the better until it becomes the new "real world". Further, such trust is a profitable business model.
If kids can build home semiconductor labs making open ICs, you can bet the above sponsors with those visionaries can easily scale beyond a billion gates.
https://www.youtube.com/results?search_query=home+semiconductor+fab
(Obligatory credit given to #OpenSW for at least being opensource, but they're hardly under open validation programs yet either.)
Yes, and while grarpamp digs down to undercut abstractions, others build up and up with more virtualization as a security feature.
Note that I'm not referring to just using VPS', which for many is an easy and necessary gateway to running Tor nodes.
Build a system on top of another system and you have more systems to trust, more to patch. More systems doesn't mean more security. And that Intel "quirk" now impacts more systems.
Ultimately more code translates into more bugs.
Yes, a bit of a rant, but also an opportunity to strongly counter the privacy-enhancing technology community over the past few years that stacking systems with virtualization is somehow a security enhancement.
g