Joanna Rutkowska @rootkovska
@AndreaBarisani Sure, but I think @i0n1c wanted a diode-like medium (hence DVD-R) @ioerror — PolitiTweet.org
Joanna Rutkowska @rootkovska
@monsterlemon True. Today :) @ioerror — PolitiTweet.org
Joanna Rutkowska @rootkovska
@talex5 Perhaps this could even be Dom0, although we would very carefully sanitize the strings... — PolitiTweet.org
Joanna Rutkowska @rootkovska
@VinylTiger Perhaps true. Assuming you can reliably nuke the device afterwards (remember it has flash memory inside) @ioerror — PolitiTweet.org
Joanna Rutkowska @rootkovska
@ioerror Point being: there are no simple (code complexity-wise) means of transferring data into an airgapped machine. — PolitiTweet.org
Joanna Rutkowska @rootkovska
@talex5 Whichever the user selects, I guess? I have 10+ gpg-hosting VMs. I think they all could use one zenity displaying VM. — PolitiTweet.org
Joanna Rutkowska @rootkovska
@ioerror How do you ensure it's clean state the first time you connect? (Vendor rootkit in the uC flash? Or backdoored during transit?) — PolitiTweet.org
Joanna Rutkowska @rootkovska
Reminder to those who think DVD-Rs are such a no-brainer for air-gap implementation: https://t.co/6eKZulbxZz — PolitiTweet.org
Joanna Rutkowska @rootkovska
@luvsqx Using CD-R requires you to plug a complex untrusted USB device (the CD-R drive), not v. wise! @i0n1c @AndreaBarisani — PolitiTweet.org
Joanna Rutkowska @rootkovska
@talex5 One idea: a simple qrexec service for zenity-like functionality? No need to implement GUI in Mirage then, enough for GPG service. — PolitiTweet.org
Joanna Rutkowska @rootkovska
Plugging untrusted devices into your (monolithic) personal computer considered harmful ;) https://t.co/vBhBmGZV6Z — PolitiTweet.org
Joanna Rutkowska @rootkovska
@AndreaBarisani Better mitigation is to combine Qubes's USB sandboxing, qvm-block, and LUKS :) @i0n1c — PolitiTweet.org
Joanna Rutkowska @rootkovska
@AndreaBarisani You'd need to ensure the target kernel doesn't try to parse this device in any "intelligent" way, might be tricky... @i0n1c — PolitiTweet.org
Joanna Rutkowska @rootkovska
@i0n1c But beware you can still be owned by a malformed part table or fs meta, exploiting a kernel bug in dst machine. @AndreaBarisani — PolitiTweet.org
Joanna Rutkowska @rootkovska
@i0n1c (cont) While one could argue the uSD internal uC flash(?) might be reflashed, that would require a 2 stage attack. @AndreaBarisani — PolitiTweet.org
Joanna Rutkowska @rootkovska
@i0n1c USB Armory has no flash, only a uSD card, which you can verify/re-image on a trusted system. /cc @AndreaBarisani — PolitiTweet.org
Joanna Rutkowska @rootkovska
@stmanfr Have you seen this: https://t.co/4eicUHn6OI How does your work compare? /cc @Netzblockierer @ioerror — PolitiTweet.org
Joanna Rutkowska @rootkovska
@avsm @justincormack @talex5 How difficult would it be to have a GPG backend running in such a MirageOS unikernel? — PolitiTweet.org
Joanna Rutkowska @rootkovska
@avsm What kind of drivers do you need in unikernel applications, really? — PolitiTweet.org
Joanna Rutkowska @rootkovska
@avsm @justincormack @talex5 Oh, I thought MirageOS-based unikernels require specially written apps, no? — PolitiTweet.org
Joanna Rutkowska @rootkovska
@justincormack Right, but from the architecture point of view? Or even: admin point of view? — PolitiTweet.org
Joanna Rutkowska @rootkovska
(cont.) Is it just that the OSv primarily targets KVM, while the Rumprun Xen? Are there more important differences? — PolitiTweet.org
Joanna Rutkowska @rootkovska
So, what's the primary difference in goals for the Rumprun and OSv unikernels? They both provide support for legacy POSIX apps, right? — PolitiTweet.org
Joanna Rutkowska @rootkovska
@evainfeld Beautiful shots! — PolitiTweet.org
Joanna Rutkowska @rootkovska
@thegrugq @csoghoian opensource crypto will work only if the industry doesn't destroy general purpose personal computing #IntelME must die. — PolitiTweet.org
Joanna Rutkowska @rootkovska
@Serianox_ Yes: https://t.co/6eLVUXr9JX /cc @AndreaBarisani — PolitiTweet.org
Joanna Rutkowska @rootkovska
@Serianox_ ... in case of the USB Armory I do, in case of some obscure, tamper-proof uC I don't. — PolitiTweet.org
Joanna Rutkowska @rootkovska
@Serianox_ The fundamental question is: do I have control over the code that runs on the processor which handles my private key? — PolitiTweet.org
Joanna Rutkowska @rootkovska
@Serianox_ Vendor backdoor. — PolitiTweet.org
Joanna Rutkowska @rootkovska
@Serianox_ In that case why give it access to my priv key? Physical protection? But one day it might just leak it on request... — PolitiTweet.org