Joanna Rutkowska @rootkovska
@CopperheadOS @veorq @sweis That's what they said at the Linux Summit talk, correct? — PolitiTweet.org
Joanna Rutkowska @rootkovska
@CopperheadOS @veorq @sweis Could that be they adjust the messaging depending on who is in the audience? Nah... ;) — PolitiTweet.org
Joanna Rutkowska @rootkovska
@CopperheadOS @veorq @sweis The slide #9 clearly states the goal is to protect against an "untrusted hypervisor" ;) https://t.co/MrLJPbVAn4 — PolitiTweet.org
Joanna Rutkowska @rootkovska
Important thing to point out (for my stateless hw idea at least): the NV storage is *off-chip* :) https://t.co/r9iyiPiAhp — PolitiTweet.org
Joanna Rutkowska @rootkovska
Ladies and Gents, meet the AMD's equivalent of the Intel's Management Engine (ME): The AMD Secure Processor! https://t.co/rs2vSafcc9
Joanna Rutkowska @rootkovska
@CopperheadOS @veorq I just RT the link to the slides (thanks @sweis). — PolitiTweet.org
Joanna Rutkowska @rootkovska
RT @sweis: AMD memory encryption: https://t.co/87EW4Btfpr — PolitiTweet.org
Joanna Rutkowska @rootkovska
@veorq The term "not fully malicious" is a mystery to me ;) — PolitiTweet.org
Joanna Rutkowska @rootkovska
RT @CopperheadOS: @rootkovska SEV currently doesn't offer protection against a malicious hypervisor. They intend it to be a memory disclosu… — PolitiTweet.org
Joanna Rutkowska @rootkovska
@CopperheadOS That's not what one can deduce from e.g. the AMD whitepaper... But likely you're correct about state of things :/ — PolitiTweet.org
Joanna Rutkowska @rootkovska
RT @solardiz: Finally starting to live in Slovenia on my residence & work permit. Took 2 years to get this far. %-) Thanks to all who have… — PolitiTweet.org
Joanna Rutkowska @rootkovska
RT @QubesOS: Qubes OS 3.2 rc3 has been released! https://t.co/qmNw87XdI3 — PolitiTweet.org
Joanna Rutkowska @rootkovska
@AviKivity Yeah, they can DMA to shared (i.e. not encrypted) memory, which is useless for protected I/O. But why you think nested IOMMU req? — PolitiTweet.org
Joanna Rutkowska @rootkovska
/cc @AMD — PolitiTweet.org
Joanna Rutkowska @rootkovska
This would allow to implement protected HID and video. Protected against malicious hypervisor and BIOS, not DRM-protected. — PolitiTweet.org
Joanna Rutkowska @rootkovska
Also too bad the SEV VMs would not be allowed to recv a DMA. Why not have IOMMU do transparent decryption of DMAs? — PolitiTweet.org
Joanna Rutkowska @rootkovska
In particular the dynamic ASID-key associations, partly delegated to VMM, seems like an interesting avenue for further research.. /cc @veorq — PolitiTweet.org
Joanna Rutkowska @rootkovska
AMD SEV seems to promise even more than Intel SGX: full VM mem encryption, more flexibly. Thoughts? https://t.co/8cs1JIT0bZ — PolitiTweet.org
Joanna Rutkowska @rootkovska
@yanaimoyal @QubesOS @lordbaco We've been discussing KVM - the hyper-visor, not KVM - the monitor/kbd/mouse emulator ;) — PolitiTweet.org
Joanna Rutkowska @rootkovska
@lordbaco The problem with KVM is lack of support to run backends in (unprivileged) VMs. SRIOV wouldn't change that. — PolitiTweet.org
Joanna Rutkowska @rootkovska
@lordbaco Because KVM architecture doesn't allow us to isolate networking and USB stacks into untrusted VMs. Also require trusting qemu. — PolitiTweet.org
Joanna Rutkowska @rootkovska
Yeah, Xen bugs are coming all the time. Nevertheless, we plan to release Qubes 3.2-rc3 according to plan today :) https://t.co/eLjvVVqj9G — PolitiTweet.org
Joanna Rutkowska @rootkovska
...or one of the most dubious one? Their proprietary uC seems just yet another "Intel ME"... :/ https://t.co/2lMXwQaRTu — PolitiTweet.org
//::ORWL::// @Orwlr
@Orwlr is now available with preinstalled @QubesOS; may very well be the most secure OS for a PC. #infosec https://t.co/HsuTUsbJPS
Joanna Rutkowska @rootkovska
@solardiz @QubesOS Care to send PR? ;) https://t.co/6If8sDgDOR — PolitiTweet.org
Joanna Rutkowska @rootkovska
+1 https://t.co/LaNV1F9fBj — PolitiTweet.org
Kyle Maxwell 🔢 🖥 ☕️ @kylemaxwell
It's 2016 and Sneakers is still the best hacking movie ever. https://t.co/FdusFbPrro
Joanna Rutkowska @rootkovska
@bortzmeyer Right, things like pip install, etc? Every time I'm forced to do that, I'm glad I could do that in a VM ;) — PolitiTweet.org
Joanna Rutkowska @rootkovska
@bortzmeyer AFAIU this could only work for systems which allow unsigned packages installation (e.g. no gpgcheck in /etc/yum/...)? — PolitiTweet.org
Joanna Rutkowska @rootkovska
@robertswiecki @hanno (Obviously w/o the silly semantics of failing back to "all is fine" in case no sig is found, as currently '-K' does) — PolitiTweet.org
Joanna Rutkowska @rootkovska
@robertswiecki @hanno But b/c RPMs do (can) have embedded sigs, I think it would be prudent to have '-i' verify them (enabled via /etc). — PolitiTweet.org
Joanna Rutkowska @rootkovska
@robertswiecki @hanno Which is a pity. E.g. we rely on embedded sigs in Qubes to verify each RPM offered to Dom0: https://t.co/8PT8XNfa2C — PolitiTweet.org