Mike Belopuhov @mike@x0r.be
An aspiring software engineer. Mastodon fan. I speak for myself.
I wish GitLab would be a bit more lightweight, setting up a whole chain of storage, app, database, CI takes more than a single person can reasonably afford.
FACT - coffee tastes better from an #OpenBSD mug.
@mike Now we know what to expect with the new Bavarian police law. Reminds me of the stories my grandmother used to tell. She was born 1920.
They confiscated a 3D printed model of a nuclear bomb and labeled the bag "Crime: To produce an explosion"
You cannot make this up.
Source: Spiegel Online, http://www.spiegel.de/netzwelt/web/hausdurchsuchungen-bei-netzaktivisten-chaos-computer-club-kritisiert-polizeivorgehen-a-1216463.html
Holy shit. The Bavarian Police conducted a raid at the #Zwiebelfreunde und the CCC Augsburg and confiscated personal belongings without having a real proof.
Money quote: "The mere presence of an e-mail address at a large free provider on a website has caused law enforcement authorities to deduce that a German association [...] must be connected to this website somehow"
@mike Some appreciation for your work: https://pauladamsmith.com/blog/2018/07/fixing-bufferbloat-on-your-home-network-with-openbsd-6.2-or-newer.html 👍🏻
"Fixing bufferbloat on your home network with #OpenBSD 6.2 or newer - Paul Smith" HT @paulsmith@twitter.com @mike
https://pauladamsmith.com/blog/2018/07/fixing-bufferbloat-on-your-home-network-with-openbsd-6.2-or-newer.html
And here we see #HardenedBSD 12-CURRENT/arm64 with Control Flow Integrity (CFI), a powerful exploit mitigation, enabled on the RPI3.
Just attending an AppArmor Talk and the speaker showed this slide:
By combining ASLR, NOEXEC, CFI, SafeStack, and the other hardening techniques, #HardenedBSD provides a pretty hostile environment for exploit authors. That's not to say exploitation is impossible; rather, it becomes much more difficult and time consuming.
3/3
The CFI implementation in llvm only protects forward edges. The primary use case is to prevent abusing function pointers and indirect branches to hijack the control flow.
llvm also includes SafeStack, which can help secure backward edges. We use that in #HardenedBSD, too
2/3
Did you know that #HardenedBSD's feature set includes more than ASLR? We have also implemented PaX NOEXEC, integrated non-Cross-DSO CFI, and many other features.
We're working hard on Cross-DSO CFI. Control Flow Integrity (CFI) is a powerful exploit mitigation.
1/3
"Our TLBleed exploit successfully leaks a 256-bit EdDSA key from libgcrypt (used in e.g. GPG) with a
98% success rate after just a single observation of signing operation on a co-resident hyperthread and just 17 seconds of analysis time."
https://www.blackhat.com/us-18/briefings.html#tlbleed-when-protecting-your-cpu-caches-is-not-enough
At BSDCan: "Everytime I see one of you OpenBSD developers you look like you are ready for the next hike."
Me: 😊
@mike and all of you together rock!
Thank you for kicking me into the correct direction. As you can see, that was successful. :-)
@florian it seems there is a new sysctl in GENERIC.MP #24 : I see a sysctl_hwsmt symbol. wonder what it should be... 😃
