Christopher Lemmer Webber
Follow

Foreshadow looks really bad.

> At a high level, whereas previous generation Meltdown-type attacks are limited to reading privileged
supervisor data within the attacker’s virtual address space, foreshadow-NG attacks completely bypass the virtual memory abstraction by directly exposing cached physical memory contents to unprivileged applications and guest virtual machines.

foreshadowattack.eu/foreshadow

Again, we need community auditable, secure, libre hardware designs powering out computer. We need RISC-V machines that are usable by everyday people.

@cwebber while I agree it's probably dangerous to assume there won't be vulnerabilities in such machines too (and hardware can't be updated/patched as readily as software) - I guess ideally you'd be able to print yourself a new cpu ;)

@wobblysaeeda Yes, and there's at least the opportunity for a) community analysis and input on design without legal threats b) possibility to produce variants (eg "gotta go fast" vs "hypersecure")

but it's true that you can't as cheaply run "./configure && make" just to build new hardware :)

@cwebber Yes.

I'd take a pretty steep reduction in performance to get an open, audit-able platform.

@cwebber I want a RISC-V-based T400-style Thinkpad with Libreboot and fully reproducible Debian – for games and stuff.

@cwebber what if we just didn't have computers anymore and collected stamps from our penpals

@cwebber Oh that's the issue.

At first I was like "so we can run our own code where companies don't want to let us? Good." But that so-called "trusted" coprocessor then has unconstrained access to RAM? Not so good.

Sign in to participate in the conversation
Octodon

Octodon is a nice general purpose instance.