Timeline for hacker list by mikegerwitz, page 3
-
Mike Gerwitz (mikegerwitz)'s status on Wednesday, 15-May-2019 00:45:08 UTC Mike Gerwitz @cwebber Oh, I would certainly advocate for libre hardware. What I was replying to was your original message:
> Would you buy/use a computer that ran 3x slower than modern machines if it were more secure (less vulnerable to side-channel attacks)?
I interpreted this as buying a modern e.g. Intel processor that has Meltdown/Spectre microcode mitigations, which can cut performance of certain processes by half (which we have to deal with at work).
But RISC-V is another story. We actually gain something substantial there. -
Mike Gerwitz (mikegerwitz)'s status on Tuesday, 14-May-2019 09:01:28 UTC Mike Gerwitz @cwebber @lxoliva Certainly we need to trust it as well. But if you're installing software on your system, there are generally other, more effective ways to compromise the user than resorting to side-channels.
But ensuring your software is signed and reproducible also helps to mitigate targeted attacks---if you're running the same software that everyone else is running, then the risk is very high for someone to do something malicious and tarnish their reputation.
Many users just `curl foo | sudo sh` the latest hot thing as they're instructed. -
Mike Gerwitz (mikegerwitz)'s status on Monday, 13-May-2019 02:51:25 UTC Mike Gerwitz @lxoliva had some compelling words about this at LP2019:
https://media.libreplanet.org/u/libreplanet/m/who-s-afraid-of-spectre-and-meltdown/
I don't know if your comment related at all to Spectre, but---if all the software running on your system is free software, what is there to fear? And I agree.
The biggest trouble is that people often run non-free and untrusted code all of the time in their web browsers, and don't see it as a software freedom or security issue. It's important to recognize it for what it is---untrusted, unsigned, ephemeral software---if you're going to consider security tradeoffs when it comes to certain mitigations. I personally don't run JS at all, even if it's free, with very few exceptions, because it's unsigned. -
Mike Gerwitz (mikegerwitz)'s status on Friday, 10-May-2019 02:15:30 UTC Mike Gerwitz Video for my #LibrePlanet 2019 talk "Computational Symbiosis: Methods That Meld Mind and Machine" is now available, and includes the slides:
https://social.mikegerwitz.com/url/74281
The PIP does slightly cover some slide contents. PDF of the slides is here:
http://mikegerwitz.com/talks/cs4m.pdf
Errata posted here:
https://social.mikegerwitz.com/conversation/177288#notice-260018 -
Mike Gerwitz (mikegerwitz)'s status on Thursday, 02-May-2019 02:20:26 UTC Mike Gerwitz @dthompson I bought it more than a couple years ago, so I don't recall what I paid back then, but I thought it was >=60USD. The current Nitrokey Pro 2 price is ~54USD.
Absolutely worth it, though. I use it every day for SSH, signing email, commit signing, decrypting personal files, and some other things.
The U2F one is ~25USD, but it's not a smart card. -
Mike Gerwitz (mikegerwitz)'s status on Tuesday, 30-Apr-2019 02:33:30 UTC Mike Gerwitz @dthompson They demoed the PureBoot process at LibrePlanet, using the key, and it looks great. I have a Nitrokey Pro---which is all their key is, plus the extra LED---and they said it'd work with that.
I asked them two years ago at LP if they'd consider adding Trackpoint, and it wasn't something they were going to do at the time. That's going to be a major disappointment for me as well. But there are keyboards that have it built in (of course that doesn't help on the go).
@cwebber did you ever get a chance to find/use a USB-C dock? -
Christopher Lemmer Webber (cwebber)'s status on Saturday, 20-Apr-2019 18:01:48 UTC Christopher Lemmer Webber Jetblue is rolling out a procedure where they identify customers not by their boarding pass or passport, but by facial recognition provided by the Department of Homeland Security https://twitter.com/mackenzief/status/1118509708673998848 http://mediaroom.jetblue.com/investor-relations/press-releases/2018/11-15-2018-184045420
Makes me feel sick to my stomach. I should stop flying places.
-
Mike Gerwitz (mikegerwitz)'s status on Thursday, 11-Apr-2019 17:03:40 UTC Mike Gerwitz @diggity There's a lot of good stuff your replies---thank you for all of the work that you and the others at @privacylab do! I will certainly stay tuned.