[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image



grarpamp:
> On Wed, Feb 28, 2018 at 10:43 AM, mick <mbm@xxxxxxxxxx> wrote:
>> On Tue, 27 Feb 2018 14:47:06 -0500
>> grarpamp <grarpamp@xxxxxxxxx> allegedly wrote:
>>
>>> If ovh vps gives root, bypass the fee with: md(4) vnode > geli >
>>> mount.
>>>
>>> Then again, if the iron isn't dipped in epoxy (not done), in your own
>>> secure datacenter (not extant), on trusted #OpenHW (not AMD / Intel /
>>> or any other to date), built in trusted #OpenFabs (non extant),
>>> running validated #OpenSW (non extant), in a voluntarist libertarian
>>> environment free from force, one's use case might be moot.
>>>
>>
>> Gotta love you Grarpamp. :-)
>>
>> But in the real world we /have/ to trust someone, somewhere, somehow,
>> sometime. What everyone has to decide for themselves is /how much/ trust
>> to give, to whom, when, where and why. And that depends entirely on your
>> threat model and your appetite for risk.
> 
> Sorry, but with decades of both plausible and exploited risk extant,
> with however many million millionaires and significant billionaires,
> and crowdfunding (further enhanced by the dawn of cryptocurrency
> and all its new models that can be brought to bear)... there is no
> rational reason to continue this global head in sand downplay and
> refusal to get moving and start building #OpenHW in #OpenFabs.
> The old goalpost of who, where, how, when, and how much open
> and even explicitly proven trust exists in HW / Fabs simply must
> start shifting for the better until it becomes the new "real world".
> Further, such trust is profitable business model.
> 
> If kids can build home semiconductor labs making open IC's,
> you can bet the above sponsors with those visionaries can
> easily scale beyond a billion gates.
> 
> https://www.youtube.com/results?search_query=home+semiconductor+fab
> 
> (Obligatory credit given to #OpenSW for at least being opensource,
> but they're hardly under open validation programs yet either.)

Yes, and while grarpamp digs down to undercut abstractions, others build
up and up with more virtualization as a security feature.

Note that I'm not referring to just using VPS', which for many is an
easy and necessary gateway to running Tor nodes.

Build a system on top of another system and you have more systems to
trust, more to patch. More systems doesn't mean more security.
And that Intel "quirk" now impacts more systems.

Ultimately more code translates into more bugs.

Yes, a bit of a rant, but also an opportunity to strongly counter the
privacy-enhancing technology community over the past few years that
stacking systems with virtualization is somehow a security enhancement.

g

-- 


34A6 0A1F F8EF B465 866F F0C5 5D92 1FD1 ECF6 1682

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays