Hacker News new | ask | show | jobs
by kardos 3634 days ago
It's not at all discouraging to argue over the best encryption, it's plenty healthy to keep the research going so weak/defeated methods get deprecated and only the strongest remain in use.

But you're right that endpoint security is the next monumental task and the challenges are not entirely unknown [1]. How do you suggest we proceed to achieve trustworthy hardware?

[1] https://libreboot.org/faq/#intel
1 comments
pdimitar 3634 days ago
That's a very good question and a very tough one to answer. In my opinion we the humanity gave up the easy way to a secure and publicly audited hardware when Intel started growing. We lost the battle right there and then. To try and do the same they achieved in 10-15 years but be entirely transparent and auditable... seems impossible right now. :(

However, projects like Raspberry Pi are admirable and are efforts in the right direction (even though recently it has been questioned if it can be hacked the same way that Qualcomm-based Androids can). I recently heard about that 1000-core CPU as well. I wonder if that's entirely public? If it is, it might render the x86 / AMD64 model irrelevant so we shouldn't spend gigantic efforts in trying to catch up with 10-15 years of hard work from Intel.

So probably the general direction would be to make old and good hardware protocols famous by trying to "libre"-ify them and bring them up to speed to today's computational requirements (mind you, I still want to play my games on Ultra settings). Even if we start replacing things one by one, every iteration could decrease the attack sufrace. That'll force the malicious actors to take counter-measures; for example, I'd think trying to outlaw ARM (or economically attack its usage, which is the much more used way of doing things IMO) and only license Intel/AMD for certain applications would be a telling sign that somebody doesn't like what's happening.

I am not a hardware person (wish I was; I am not even electrical / electronical engineer!) but I am a privacy-conscious person, and quite paranoid too. I am sure there's a way but alas, I can't answer you in as constructive manner as I'd want to. I can only do a "boss speak" and be oblivious to the details. And at 36 with a well-built career I am beginning to doubt I'll ever try and become a hardcore hardware engineer in addition to my programming/sysadmin experience.

My apologies if I wasted your time reading this.

EDIT: btw, the linked article is scary....

link
ogurechny 3634 days ago
A little remark: Raspberry Pi is a nice market for Broadcom, Premier Farnell and other big players involved in making it. It also has proprietary chip that needs closed source software to work (while Intel provides a lot of open source code).

I guess their project has been really successful if “privacy-conscious” and “paranoid” persons consider it “admirable” based on nothing but the internet hype.

link
pdimitar 3634 days ago
You got me. I am not an expert. Your information is highly appreciated. This is not a sarcasm.

What would you recommend in terms of a really "libre" hardware?

link
ogurechny 3634 days ago
The answer is simple: there is no libre hardware if you want top performance, common architecture, don't have ability to order chips in hundreds of thousands or to make your own, etc.

The question is not whether some proprietary solution looks “free enough” if you squint your eyes more than the other proprietary solution. The question is whether people understand that chain of trust that ends in someone else's hands has its problems no matter how big that someone is, and bother to fix that vulnerability.

link
roninb 3626 days ago
I've been waiting to run across someone who may be able to scratch an itch that's been in the back of my head for a few months now and you seem like you might be able to help me out...

Would the developing J-Cores[0] being worked on by 0pf[1] be able to catch up (I'm thinking more along the lines of performance of recent mobile processors, not desktop processors)? I am under the impression that, while a monumental task is ahead of them, they have the boon of hindsight. Of a dozen processor architectures competing back then only a handful survived the decade and only 2 or 3 are being fabbed now (i386/amd64, ARMvX, and IBM?) and they can base decisions on the successes and failures of other chipsets, speeding up the development process. Is that fallacious thinking?

I know most of their goals are along the lines of getting custom fabs down to $20k and making the term "penny processor" a household term, but is there potential (read:hope) for a secure, performant (whatever that means to you) processor that we can use for daily computing without fear of a hardware-based backdoor?

link
kardos 3633 days ago
> there is no libre hardware if you want top performance, common architecture

Performance is definitely a difficult sacrifice. Consider however that your general computing could be split into a privacy sensitive component: sending emails/messages, assembling documents, banking website, etc, and a privacy insensitive component: compiling OSS, playing games, etc. Composing/sending email for example is not computationally demanding... so one might use a high performance Intel machine for insensitive computing and a lower performance libre machine for sensitive work. It's not perfect (web browsing can be both private and not, and demanding and not) but a refinement of this separation approach could be an interim solution until high performance libre hardware is available.

link