HackerTrans
TopNewTrendsCommentsPastAskShowJobs

zimmerfrei

no profile record

comments

zimmerfrei
·vor 2 Monaten·discuss
> AMD ROCm is only supported in the rocm branch.

Has anybody tried it? There is a lot of emphasis on MacBook Pro in this thread, but I would like to use it with an AMD Halo Strix with 128GB of unified RAM.
zimmerfrei
·vor 5 Monaten·discuss
> Nvidia released the first Shield Android TV in 2015

> it took about 18 months to [create] an entirely new security stack [...] Android updates aren’t actually that much work compared to DRM security, and some of its partners weren’t that keen on re-certifying older products.

> In February 2025, Nvidia released Shield Patch 9.2 [...] That was the Tegra X1 [security] bug finally being laid to rest on the 2015 and 2017 Shield boxes.

This is a real engineering marvel. Everybody else would have just given up entirely long time ago. DRM bugs are in most case practically unrecoverable for products that shipped already (and physically in the hands of the adversary). The incentive to tell to consumers "Ditch that product you bought from us 2 years ago, and buy the more recent hardware revision or successor" is extremely strong.

This really feels like a platform that is maintained with pride and love by the nvidia engineering teams (regardless of one's opinion about DRM per se).
zimmerfrei
·vor 5 Monaten·discuss
I don't think that a 100% anonymous attestation protocol is what most people need and want.

It would be sufficient to be able to freely choose who you trust as proxy for your attestations *and* the ability to modify that choice at any point later (i.e. there should be some interoperability). That can be your Google/Apple/Samsung ecosystem, your local government, a company operating in whatever jurisdiction you are comfortable with, etc.
zimmerfrei
·vor 6 Monaten·discuss
If you use AEAD, you clearly expect your recipients to use a recent client. Same as if you want to use PQC or any other recent feature.

If your audience is wider, dont use AEAD but make sure to sign the data too.

With respect to the 90's design, yes, it is not pretty and it could be simpler. It is also not broken and not too difficult to understand.
zimmerfrei
·vor 6 Monaten·discuss
It is not a coincidence that most of the various proposed alternatives to PGP (signal, wormhole, age, minisign, etc) are led by a single golden implementation and neither support nor promote community-driven specifications (e.g., at the IETF).

Over the decades, PGP has already transitioned out of old key formats or old crypto. None of us is expecting to receive messages encrypted with BassOmatic (the original encryption algorithm by Zimmermann) I assume? The process has been slow, arguably way slower than it should have after the advancements in attacks in the past 15 years (and that is exactly the crux behind the schism librepgp/opengpgp). Nonetheless, here we are, pointing at the current gpg as "the" interoperable (yet flawed) standard.

In this age, when implementations are expected (sometimes by law) to be ready to update more quickly, the introduction of new crypto can take into account adoption rates and the specific context one operates in. And still, that happens within the boundaries of a reasonably interoperable protocol.

TLS 1.3 is a case in point - from certain points of view, it has been a total revolution and break with the past. But from many others, it is still remarkably similar to the previous TLS as before, lots of concepts are reused, and it can be deemed as an iteration of the same standard. Nobody is questioning its level of interoperability, and nobody is shocked by the fact that older clients can't connect to a TLS 1.3-only server.
zimmerfrei
·vor 6 Monaten·discuss
When you encrypt something, you are the one deciding which level of interoperability you want and you can select the crypto primitives matching capabilities you know you recipient reasonably have. I don't see anything special with this: when you run a web service, you also decide if you want to talk to TLS 1.0 clients (hopefully not).

sequoia's defaults are reasonable as far as I remember. It's also bit strange that the post found it defaulted to using AEAD in 2019 when AEAD was standardized only in 2024 with RFC 9580.

But the elephant in the room is that gpg famously decided to NOT adopt RFC 9580 (which Sequoia and Proton do support) and stick to a variant of the older RFC (LibrePGP), officially because the changes to the crypto were seen as too "ground-breaking".
zimmerfrei
·vor 6 Monaten·discuss
As mentioned a few days ago, this post mainly covers a gpg problem not a PGP problem.

I recommend people to spend some time and try out sequoia (sq) [0][1], which is a sane, clean room re-implementation of OpenPGP in Rust. For crypto, it uses the backend you prefer (including openssl, no more ligcrypt!) and it isn't just a CLI application but also as a library you can invoke from many other languages.

It does signing and/or encryption, for modern crypto including AEAD, Argon2, PQC.

Sure, it still implements OpenPGP/RFC 9580 (which is not the ideal format most people would define from scratch today) but it throws away the dirty water (SHA1, old cruft) while keeping the baby (interoperability, the fine bits).

[0] https://sequoia-pgp.org/

[1] https://archive.fosdem.org/2025/events/attachments/fosdem-20...
zimmerfrei
·vor 7 Monaten·discuss
This is the right answer.

The problem mostly concerns the oldest parts of PGP (the protocol), which gpg (the implementation) doesn't want or cannot get rid of.
zimmerfrei
·vor 9 Jahren·discuss
The bug seems to be about the processor leaving speculatively read privileged data in some of the caches, even if execution failed [1].

If so, clearing all caches upon a failed privilege check sounds like something within the capabilities of microcode and without unreasonable performance penalties.

Unfortunately, that would not explain the complex in-kernel fix...

[1] https://plus.google.com/+KristianK%C3%B6hntopp/posts/Ep26AoA...

EDIT: what remains in cache is not "speculatively read privileged data" but more "unprivileged data whose address is correlated to speculatively read privileged data". Retrieving later such address allows one to infer what the privileged data was. Still, the point about clearing all caches as countermeasure holds...