Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://sfba.social/users/karlauerbach/statuses/113539787379385207">Karl Auerbach (karlauerbach@sfba.social)'s status on Monday, 25-Nov-2024 11:38:06 JST</a><a href="https://sfba.social/@karlauerbach" title="karlauerbach@sfba.social"><img src="https://gnusocial.jp/avatar/57840-48-20230729035349.webp" width="48" height="48" alt="Karl Auerbach" style="position: absolute; left: 0; top: 0;">Karl Auerbach</a><div><a href="https://toot.yosh.is/@yosh/113538035281601773" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://toot.yosh.is/@yosh">@yosh</a> Way back in the 1970s we worked on machines with true hardware Capability architectures (not that weak thing with that name in Linux).</p><p>Those architectures let us get closer to the security rule of giving no module more authority than it needed to get its job done.</p><p>(I once got to help design an OS and then to design/build the capability based computer to run it.  But it was classified so nobody ever heard about it.)</p><p>I wish we would revive the lost technology of capability hardware architectures.</p><p>Here's one such effort:</p><p><a href="https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/" rel="nofollow noreferrer">https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4064176#notice-7942996">In conversation</a><time datetime="2024-11-25T11:38:06+09:00" title="Monday, 25-Nov-2024 11:38:06 JST">about 2 months ago</time> <span>from <span><a href="https://sfba.social/@karlauerbach/113539787379385207" rel="external" title="Sent from sfba.social via ActivityPub">sfba.social</a></span></span><a href="https://sfba.social/@karlauerbach/113539787379385207">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Karl Auerbach (karlauerbach@sfba.social)'s status on Monday, 25-Nov-2024 11:38:06 JSTKarl Auerbach
in reply to
- yosh
@yosh Way back in the 1970s we worked on machines with true hardware Capability architectures (not that weak thing with that name in Linux).
Those architectures let us get closer to the security rule of giving no module more authority than it needed to get its job done.
(I once got to help design an OS and then to design/build the capability based computer to run it. But it was classified so nobody ever heard about it.)
I wish we would revive the lost technology of capability hardware architectures.
Here's one such effort:
https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/
In conversationabout 2 months ago from sfba.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice