LisPi (lispi314@udongein.xyz)'s status on Saturday, 13-Jul-2024 03:33:58 JST
LisPi: @SoniEx2 There are a number of options. I haven't looked at WASM in enough detail, but it is possible it provides the right logical restrictions underneath the languages implemented on it. Similarly, there was a C guest on Open Genera.
It isn't strictly necessary to use a bytecode VM to achieve those results, but it requires the language not having direct access semantics or the compiler ignoring that and still emulating things atop safe constructs instead (C thinking it's doing memory accesses while it's just accessing a dynamically-checked array implemented in Common Lisp, for example).
Of course, one caveat I didn't mention in my original post is that no matter the theoretical soundness & resulting logical security, hardware side-channels can completely blow it, so it is still no license to just execute arbitrary code (such as proprietary malware).
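The "C thinking it's doing memory accesses while it's just accessing a dynamically-checked array" idea, as an added example (not code from the thread or from Open Genera): a guest "world" is nothing more than a Lisp byte array, every translated C load and store goes through a bounds check, and an overrun signals a condition instead of touching host memory. All names (world, guest-load8, guest-fault, etc.) are invented for this illustration.

```lisp
;;; Added example, not from the original post. A guest address space is a
;;; dynamically-checked Lisp array; a translated C program only ever touches
;;; memory through GUEST-LOAD8 / GUEST-STORE8 / GUEST-LOAD32, so a stray
;;; pointer raises GUEST-FAULT rather than reaching host memory.
;;; Every name below is hypothetical.

(defstruct (world (:constructor %make-world))
  (memory nil :type (simple-array (unsigned-byte 8) (*))))

(defun make-world (size)
  "Create an isolated guest world with SIZE bytes of zeroed memory."
  (%make-world :memory (make-array size :element-type '(unsigned-byte 8)
                                        :initial-element 0)))

(define-condition guest-fault (error)
  ((address :initarg :address :reader guest-fault-address)
   (size    :initarg :size    :reader guest-fault-size))
  (:report (lambda (c s)
             (format s "guest access at ~D outside ~D-byte world"
                     (guest-fault-address c) (guest-fault-size c)))))

(defun check-address (world address width)
  "Signal GUEST-FAULT unless [ADDRESS, ADDRESS+WIDTH) lies inside WORLD."
  (let ((size (length (world-memory world))))
    (unless (and (integerp address)
                 (<= 0 address)
                 (<= (+ address width) size))
      (error 'guest-fault :address address :size size))))

(defun guest-load8 (world address)
  "Translated C `*(uint8_t *)p`: a checked AREF, nothing more."
  (check-address world address 1)
  (aref (world-memory world) address))

(defun guest-store8 (world address value)
  "Translated C `*(uint8_t *)p = v`; VALUE is truncated to 8 bits like C would."
  (check-address world address 1)
  (setf (aref (world-memory world) address) (ldb (byte 8 0) value)))

(defun guest-load32 (world address)
  "Little-endian 32-bit load, as a translated C `*(uint32_t *)p` would run.
The whole 4-byte span is checked up front, so a load straddling the end of
the world faults instead of partially succeeding."
  (check-address world address 4)
  (loop with mem = (world-memory world)
        for i from 0 below 4
        sum (ash (aref mem (+ address i)) (* 8 i))))

(defun guest-fill (world base n)
  "Translated C `for (i = 0; i < n; i++) base[i] = i;`. The guest supplies N,
and a too-large N is exactly the classic buffer overrun."
  (dotimes (i n)
    (guest-store8 world (+ base i) i)))

(defun demo ()
  (let ((w     (make-world 16))
        (other (make-world 16)))
    (guest-fill w 0 4)
    (format t "word at 0: #x~8,'0X~%" (guest-load32 w 0))   ; #x03020100
    ;; Overrun: 20 bytes into a 16-byte world. Bytes 0..15 are written, then
    ;; the 17th store faults; nothing outside W's own array was ever reachable.
    (handler-case (guest-fill w 0 20)
      (guest-fault (c) (format t "caught: ~A~%" c)))
    ;; The other world is untouched: each world is its own array, which is the
    ;; whole isolation mechanism, with no page tables or hypervisor involved.
    (format t "other world byte 0: ~D~%" (guest-load8 other 0))))
```

Run `(demo)` in any Common Lisp implementation. The point is that the check lives in the host language's semantics, not in hardware: the guest gets the memory model it expects, and the fault is an ordinary Lisp condition the "world" owner can handle. As the post notes, this says nothing about hardware side-channels, which this kind of logical isolation does not address.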
Genders: ♾️, 🟪⬛🟩; Soni L. (soniex2@chaos.social)'s status on Saturday, 13-Jul-2024 03:33:59 JST
Soni L.: @lispi314 also wasm
LisPi (lispi314@udongein.xyz)'s status on Saturday, 13-Jul-2024 03:34:00 JST
LisPi: The Old Computer Challenge (and various similar things) just makes me wish we had properly cared about secure Free Software OSes back then.
Isolation the likes of which Qubes achieves really /doesn't/ require memory-heavy VMs if you start with the right primitives and build the OS from the ground up.
Some capability-security OS written in some language that easily reifies this aspect (Language-Based Security simplifies a lot of things), like Common Lisp, could achieve similar isolation in ephemeral "worlds" with a fraction of the compute resources.
>512MB~1GB to isolate an environment from the rest of the machine? How about ~1MB or less instead?