[geococcyxc]

I read about one of these devices once, vendor info said that it runs a small and "verified" kernel (probably seL4 or something like that) that does the TCP stuff and took care not to let any real information flow in the other direction. Apart from FTP, it support SMTP, probably others as well that I forgot. It did not sound very convincing to me. Even if the kernel is totally secure, you could probably have a side channel via ACK timing?