Celestial Weasel (celestialweasel) wrote,

Take the ultraviolet pill

The question that springs to my mind is: is there a decent contemporary book about cybersecurity? What are the real threat models these days that one might plausibly defend against? Clearly we have to distinguish between state and non-state actors - with state actors one is probably pretty screwed - and the question arises of what can they really do? Not that I believe they have quantum computers hidden away somewhere - not that you can necessarily do with them what wilder hype / folk-wisdom suggests.

What I was musing about was whether one could make a reasonably secure, whatever that may mean these days, 'PC' - for some value of 'PC'?
I say 'PC' in quotes obviously.
Things like http://www.theregister.co.uk/2015/08/11/memory_hole_roots_intel_processors/ (fun with Ring -2)
and http://www.theregister.co.uk/2015/08/12/lenovo_firmware_nasty/ (weird PC boot up tricks, in conjunction with Windows)
make me think one would rule out Intel processors and the 'PC' architecture.
What about ARM and, say, the Raspberry Pi? Are we put off by the binary GPU blob in the processor?
Which is the most transparent processor? Is there anything one can 'program' oneself into an FPGA? Can one trust the tool chain?
I was struck by how few processors there are left - are there any used in any mainstream computers apart from Intel / AMD x86/x64, the dying Itanium, ARM and SPARC?

Obviously, one has to consider the O.S. Somehow I knew long ago that GNU TLS was written by people who didn't really know what they were doing due to Stallmanite butthurt http://www.zdnet.com/article/another-serious-gnutls-bug-exposes-linux-clients-to-server-attacks/ (never have done stuff with that level of code, but it was something I had come across - someone working on one of the BSDs saying it presumably). So, on the whole I think I would prefer a BSD variant. Not that I am an open source bigot / fan, but clearly one would trust Microsoft / Apple / Google as far as one could spit them.

Suppose one wanted to observe the constraint that 'only the CPU is a CPU' - no sneaky CPUs in the keyboard / mouse / disk / graphics card (monitor allowed providing it is 'properly isolated' (whatever that means) (probably) (or maybe a CRT)) - is this feasible these days?
Remember, your SD card may have a CPU http://www.bunniestudios.com/blog/?p=3554

Remember weasel's 3 laws of computing:
1. You can't trust computers
2. Everything is a computer
3. Run!!!!!

A bit terse and stream of consciousness but I can see this turning into a 200 page rant (197 of them footnotes) otherwise.
  • 1 comment
I can't necessarily speak for books (you seem to be more interested in the hardware side which is not my area), but the "only the CPU is a CPU" bit -- no chance at all. There _may_ not be one in modern mice, but there will be in the disk and the graphics card for certain; many of the Bitcoin clients use the graphics card processor to do their computation...