* Posts by zxq9

2 posts • joined 20 Mar 2018

One solution to wreck privacy-hating websites: Flood them with bogus info using browser tools


Don't a lot of us already do something similar?

That said, Three Dead Trolls in a Baggie was way ahead of their time releasing "The Privacy Song" in the 1990's:


Still funny to me...

OK, deep breath, relax... Let's have a sober look at these 'ere annoying AMD chip security flaws


Re: Closed black box firmware

This is a ridiculous argument and leads right back to "trusting trust".

If you don't trust the manufacturer, the shipper, the prepper, or the administrator of the system, then OF COURSE you don't trust the system. That point should be obvious.

We have had a policy in the unit I was in previously (and now I have brought it to my current company) that "physical access is the final barrier". And that's it. TCM concepts and whatnot are simply never, ever workable. Even the classic "evil maid" attack isn't actually mitigated by UEFI or TCM because the firmware itself can be replaced with physical access (whether or not root on a running system). The softness of software makes it impossible to know anything about any mutual trustworthiness scheme where two soft modules verify one another.

Go write a package manager. Or a "secure" compiler suite. Have fun figuring out where a reasonable "bottom" lies as you start digging into issues about trusting trust.

This was CLEARLY a hit piece on AMD. I don't know if Intel funded it -- it seems highly plausible but unlikely because it could probably be easily traced back to them -- but whoever did certainly had an anti-AMD agenda and picked their moment to counteract the slew of recent Intel flaws.


Biting the hand that feeds IT © 1998–2020