alwayscurious - Network

To clarify, this refers to the general case of untrusted code running on Linux as a standard unprivileged user, or of using Linux with...

To clarify, this refers to the general case of untrusted code running on Linux as a standard unprivileged user, or of using Linux with not-fully-trusted Bluetooth, USB, or other devices.

A remote code execution vulnerability in Linux’s TCP/IP stack would be both almost unheard of and absolutely catastrophic for the entire Internet. Thankfully, my understanding is that these are extremely rare, especially if one avoids newer protocols like MPTCP and obscure protocols like SCTP or DCCP.

Also, tight sandboxes with very strict seccomp filters can be very difficult to break out of, as the vast majority of vulnerabilities in the kernel aren’t reachable from them.

Linux is fundamentally insecure and insecureable. It can be hardened quite a bit, but it will never match a microkernel.The reason that...

Linux is fundamentally insecure and insecureable. It can be hardened quite a bit, but it will never match a microkernel.

The reason that compartmentalized OSs use Linux in VMs is because there is no other reasonable way to run existing applications or support existing hardware. In the deeply embedded world, where the hardware is much simpler and the existing applications do not assume POSIX, microkernels are much more popular.

That doesn’t mean that Linux is worse than Windows or macOS. It means that Linux is worse than Xen or seL4.

Does it make sense for Firefox to continue having its own browser engine, instead of wrapping WebKit or Blink?

Does it make sense for Firefox to continue having its own browser engine, instead of wrapping WebKit or Blink?

People have stuff to get done. Telling users that they shouldn’t run the software they need to use because of security just gives...

People have stuff to get done. Telling users that they shouldn’t run the software they need to use because of security just gives information security experts a bad reputation. It’s our job to give users a way to do what they need to do without horrible security risks.

Our job is not to tell people they shouldn’t be playing video games. It is not even to tell them that they need to buy separate hardware for them. It should be to provide them a way to run the games with near native performance without compromising the security of their system, and to make that way so easy that it becomes just how people do things.

If we settle for anything less, we are accepting that the systems of a huge portion of the world’s population will never be secure. I am not willing to surrender that fight.

Content warning:uspol, ICEWhat the hell, America? This is absolutely evil and...

Content warning:uspol, ICE

What the hell, America?
This is absolutely evil and horrifying.

https://www.kpbs.org/news/border-immigration/2025/02/28/german-tourist-held-indefinitely-in-san-diego-area-immigrant-detention-facility

Using AI to generate machine-checked formal proofs of correctness would be absolutely amazing, if one has a proof checker that is secure...

Using AI to generate machine-checked formal proofs of correctness would be absolutely amazing, if one has a proof checker that is secure against malicious inputs. The proofs require a huge amount of effort to write by hand, and since they are machine-verified you don’t need to worry about the AI getting it wrong. The checker will catch it.

Are out of order processors anything but a workaround for programming langauges not making parallelism easy?

Are out of order processors anything but a workaround for programming langauges not making parallelism easy?

The sad reality is that if I had to run a site that allowed users to upload content, I would only consider externally-hosted SaaS solutions....

The sad reality is that if I had to run a site that allowed users to upload content, I would only consider externally-hosted SaaS solutions. Self-hosting is too legally risky. See https://social.treehouse.systems/@dee/113662184456889247.

On Windows, how do I run a service with privileges that are strictly less than SYSTEM, meaning that if the program can get SYSTEM...

1. On Windows, how do I run a service with privileges that are strictly less than SYSTEM, meaning that if the program can get SYSTEM privileges, it is a security vulnerability in Windows?
2. Why is this hard? Nobody on *nix would ever run every service as root!
3. Why does Microsoft not make this easy?
4. Why does Microsoft not use this more?

If people don’t have confidence that an update won’t break stuff, they will put off updating, and that is bad. Major user interface are...

If people don’t have confidence that an update won’t break stuff, they will put off updating, and that is bad. Major user interface are a form of breaking stuff, because for many people adapting to those takes a lot of time and effort.

Corporations can have test environments, but most people only have one personal computer, so they will never have a separate test environment from their production environment. They need the testing to have been done by someone else, so that they can be confident that the update they get will work without having to test it themselves.

Stable distributions have their place. There is a reason that SUSE and Red Hat are multibillion-dollar companies, and that Ubuntu is one of the most popular distributions out there.

There are areas where one doesn’t care where a correct result came from, because it is much easier to validate a correct answer than to...

There are areas where one doesn’t care where a correct result came from, because it is much easier to validate a correct answer than to find one in the giant search space.

For instance, the proofs of mathematical theorems can be checked, so they don’t need to be trusted. It doesn’t matter where the proof came from, only that it exists and is valid.

There are other, similar cases in many other STEM fields too. It is much easier to check that a machine works than it is to design it in the first place.
It is much easier to reproduce a chemical synthesis than to create from scratch. And there are many, many other examples.

It is these fields that I think generative AI can actually be of great benefit to humanity, because one expects that many if not most ideas will be wrong. One just needs to find one that isn’t.

I wish that one could fit a complete security hypervisor, including display, input, storage, and printer drivers, into less than 50,000...

I wish that one could fit a complete security hypervisor, including display, input, storage, and printer drivers, into less than 50,000 lines of code. It was possible back in the past!

#Microsoft appears to be ceding the #onpremises market to third-party tools.That market includes lots of large businesses, classified...

#Microsoft appears to be ceding the #onpremises market to third-party tools.

That market includes lots of large businesses, classified networks, and probably more.

How can one use a TPM 2.0 to store an SSH host key?I would like the key to be derived deterministically from a known in-TPM hierarchy. The...

How can one use a TPM 2.0 to store an SSH host key?

I would like the key to be derived deterministically from a known in-TPM hierarchy. The intended application to provide a host with a machine identity that persists across OS reinstalls.

When will #XDC2024 proposals open?

When will #XDC2024 proposals open?

My personal view is that in theory, containers should be a very strong security boundary. In practice, OS kernels have too many...

My personal view is that in theory, containers should be a very strong security boundary. In practice, OS kernels have too many vulnerabilities unless additional mitigations are used.

There are two reasons that VMs are generally a stronger security boundary than containers:

1. Hypervisors provide a much simpler interface than monolithic kernels do, which means less attack surface.
2. System calls are much more common than hypercalls and emulated instructions, so expensive speculation mitigations like address-space isolation or flushing the branch predictor are more affordable.

Containers are a security boundary. Whether they are a good security boundary is another question.

Containers are a security boundary. Whether they are a good security boundary is another question.

Firefox is much better than Chrome at preventing websites without browser exploits from tracking you and at not sending data to Google.It is...

Firefox is much better than Chrome at preventing websites without browser exploits from tracking you and at not sending data to Google.

It is much worse at protecting from malicious websites with browser exploits, because its sandboxing is far worse.

I want processors that are optimized for coordination and fine-grained parallelism. And I want programming languages that can make use of...

I want processors that are optimized for coordination and fine-grained parallelism. And I want programming languages that can make use of this.

Hardware goes to extraordinary effort to extract latent parallelism out of sequential code, but one of the reasons that code is sequential is because the overhead of coordination is so high!

Android should provide an API for long-running foreground compute jobs.

Android should provide an API for long-running foreground compute jobs.