#qi-hardware IRC log for Monday, 2014-09-01

wpwrakthis is rich (alas, in german). 1) nude pics of "celebrity" stolen from the cloud: http://en.wikipedia.org/wiki/Probability_distribution11:45
wpwraknow, in the past she complained that the cloud service (some apple thingy) would constantly remind her to make backups. her reaction: "i don't know how i would back you up. do it yourself."11:46
wpwrakwell, seems that she may have two more wishes left (-:C11:46
eintopfwpwrak: hi11:48
eintopfcan I talk "under the hood" for we should not hide a discussion about something?11:49
eintopfI simple used it right now, doesn't matter now :)11:49
wpwraki might be able to answer that, if i had understood what you actually asked ;-)11:51
eintopfwpwrak: kann ich schreiben "we should not talk about this under the hood" - Wir sollten das nicht heimlich besprechen?12:03
eintopfgoogle translate said something about "Motorhaube" :-)12:04
wpwrak"we should talk about this openly" ?12:15
wpwrakso, someone asking silly wpan questions in private ? :)12:16
wpwrakthen you could just suggest the list or a channel, since there's usually no implied secrecy anyway12:16
DocScrutinizer05http://0pointer.net/blog/revisiting-how-we-put-together-linux-systems.html18:25
DocScrutinizer05WTF of the year18:25
DocScrutinizer05randomly picked quote >>Any library that is not included in the runtime the developer picked must be included in the app itself. This is similar how apps on Android declare one very specific Android version they are developed against. This greatly simplifies application installation, as there's no dependency hell: each app pulls in one runtime<<18:26
DocScrutinizer05poettering at his best18:26
DocScrutinizer05"the systemd cabal" - suckers18:27
DocScrutinizer05oooh btw btrfs will be the only fs allowed for rootfs18:28
whitequarkit has some interesting and sane ideas18:29
whitequarkbut the proposal as a whole seems misguided at best18:29
DocScrutinizer05pretty much, yes18:33
DocScrutinizer05seems to be the proof that he's on crack, to me18:33
DocScrutinizer05particularly sneaky: his sidenote introduction of Trusted Computing[TM]18:36
whitequarkthese trust root thingies are OK when you control them18:36
whitequarkin fact, it's pretty much required to keep a system secure when it's written mostly in C18:36
DocScrutinizer05you cannot control them, this would defeat/break the *concept* and render whole TC as a broken pile of stinking... problems18:37
whitequarkuh, what?18:37
whitequarkof course I can18:37
whitequarkI can control the UEFI on my laptop. it requires some BIOS gyrations, but in fact this is a *required* feature for laptop UEFI18:37
whitequarki.e. you, as a user, MUST be able to replace all existing keys with just your own18:38
DocScrutinizer05the "chain of trust" needs to be unbroken from repo to app. No way end user can hold the keys18:38
whitequarkuh, no, not how it works18:39
whitequarkor rather there are several chains of trust18:39
DocScrutinizer05of course, exactly how it works18:39
whitequarkone chain of trust certifies the boot process, another the app18:39
whitequarkI was talking about the first one just now18:39
DocScrutinizer05haha18:39
whitequarkthe latter one, you ALREADY have on your debian system18:39
DocScrutinizer05exactly18:40
DocScrutinizer05but what poettering suggests is not that18:40
whitequark>In fact we want a fully trustable OS, with images that can be verified by a full trust chain from the firmware (EFI SecureBoot!), through the boot loader, through the kernel, and initrd.18:40
DocScrutinizer05when you can have an "untrusted" bootloader or kernel, the whole trust in apps is for the arse18:40
whitequarkno, it's not, it just has different goals18:41
whitequarkyou won't be able to deploy DRM18:41
whitequarkbut you WILL be able to deter for example malware writers with rootkits18:41
DocScrutinizer05errrr18:41
DocScrutinizer05that's what SElinux is meant for18:41
DocScrutinizer05and MD5sums18:41
whitequarkLOL18:41
whitequarkmd5sums.18:42
whitequarkI can forge an md5sum with a piece of paper and a pen (almost)18:42
whitequarkbut more seriously18:42
DocScrutinizer05I'm pretty sure Poettering is exactly 4 months late18:43
DocScrutinizer05err 518:43
larscis he pregnant?18:44
DocScrutinizer05well, when it results in Linus and other guys with their brains still fully working are now completely rejecting poettering crap, it may have been a good thing in the end18:44
DocScrutinizer05pregnant? no, I think this would have made a fine blogpost for April 1st18:45
whitequarkDocScrutinizer05: ok, I don't really have time to dissect Poettering crap18:45
whitequarkbut having a trust root on a system is a very good idea18:45
whitequarkand any modern system MUST have one18:45
DocScrutinizer05my systems work great without18:46
whitequarkthe plural of anecdote is not data, etc18:47
whitequarkyour system is insecure as shit18:47
whitequarkLinux is18:47
whitequarkthe Linux userspace is even more18:47
whitequarkright now, if you have a rootkit on your system, you will probably never know18:47
larscwell at least this will provide for some popcorn19:01
DocScrutinizer05((you will probably never know)) well, just like you, or anybody using this TC nonsense19:08
DocScrutinizer05once you have it on your system, the idea _is_ that it's not noticeable anymore19:09
DocScrutinizer05the question however is how it got there. For that the chain of trust may help, but only when you accept that somebody else you trust is signing the kernel resp rootkit-space19:10
DocScrutinizer05otherwise there's not a single benefit from signing stuff over other methods to make sure the rootkit doesn't infest your system19:11
DocScrutinizer05I rather rely on not getting any malware infested kernel rather than testing a signature during boottime19:13
whitequarkDocScrutinizer05: uh, incorrect.19:15
whitequarkif you don't have the key in cleartext, even if your kernel got owned, after reboot you are either 1) back to clean system 2) back to a system which doesn't boot19:16
whitequarkthe issue is not getting a malware infested kernel19:16
whitequarkthe issue is a rootkit modifying your boot chain via a remote and a local vuln19:17
whitequarkremote to get on your system, local to get root. linux has hundreds of local root vulns, it's a complete abundance19:17
whitequarkand remote ones are relatively plenty too, especially if you run some shit userspace19:17
DocScrutinizer05granted. But the stuff poettering wants to implement is much closer to TC than to your usecase, for all I understand from skimming over that blogpost19:34
DocScrutinizer05and that's only one of the idiocies in that proposal. btrfs as mandatory component of the architecture is another one19:35
whitequarkDocScrutinizer05: I agree that poettering proposal is silly in general.19:39
whitequarkI just want to say that I am very unsatisfied with the current state of Linux too, for some reasons that are similar to his19:39
DocScrutinizer05ok, we easily can agree on this :-)19:41
whitequarkfor once :D19:43
Action: whitequark goes back to designing a quadruple mass analyzer power supply19:43
whitequark12kV, 3MHz sine, 100W or so19:43
whitequarkhaha this is great: https://imgur.com/a/1PDRJ20:29
whitequarkhttps://twitter.com/SwiftOnSecurity/status/49908960982167961620:29
whitequarkhttps://twitter.com/SwiftOnSecurity/status/49595391086391296120:29
DocScrutinizer0512kV, 3MHz sine, 100W - sounds like some real fun22:31
whitequarkyes22:33
--- Tue Sep 2 201400:00

Generated by irclog2html.py 2.9.2 by Marius Gedminas - find it at mg.pov.lt!