@winterschon @matt An increasing number of things depend on the systemd socket activation protocol. It’s going to become important fairly soon that we have support for it in the service management system.
@doerk @winterschon @matt I don’t think anyone is suggesting importing systemd into FreeBSD, but I don’t know who would complain about services consuming no RAM when not in use.
#FreeBSD has no current plan for Rust, but we want one! We want experienced Rust people to tell us how it should work. We’re interested in being able to add Rust in both userspace and the kernel, but we need a way of using Rust that works with multi-year support cycles (we need to be able to easily merge security fixes in trunk back to a branch that was originally made four years ago).
Personally, I’d love to see a new service management framework for FreeBSD written in Rust + Lua.
@ryanc My reading of the AGPL is that you would not because it's a static site generator. Visitors of your blog are not interacting with the software and so the AGPL doesn't apply. They are interacting solely with the output of the software and, if I remember correctly, AGPLv3 inherits from GPLv3 an explicit statement that the output of the software is not covered by any restrictions (GCC has an additional piece of text because it can copy bits of itself into the output and it exempts these).
That said, I am not a lawyer and this is precisely the kind of question that you need a real lawyer to answer. My desire to not have to ask lawyers this kind of question is precisely why I avoid ever modifying AGPL'd code in any way (and, as a side effect, why I never contribute to AGPL'd projects).
End-to-end encryption to protect all keystrokes and cursor movement in real time.
Is this satire? What is the remote 'end' to which keystrokes and cursor movements are being sent that needs encryption? And why are keystrokes and cursor movements being sent anywhere?
Do they just mean that they use TLS for their web apps (in which case, that's table stakes)?
For keystrokes and mouse movements, encryption isn't sufficient: you need to add noise, or traffic analysis can reconstruct them with high probability.
Nigel Farage, who identifies as a man of the people, but who is biologically a pound-shop fascist with no talent in any field except moving money from one column in a spreadsheet to another, said today...
@ryanc I suspect it’s more that they want to be able to upgrade those libraries when they want without breaking third-party things. FreeBSD also ships a few shared libraries without headers (though we stick them in a separate directory with rpath linkage so you can’t accidentally link them) because we don’t want them to be treated as part of the stable ABI. I’m not sure how stable the libcrypto ABIs are, but the rest of OpenSSL has a habit of breaking even source compatibility across versions. Apple almost certainly doesn’t want to be in a situation of having to choose between deploying a security fix or not breaking a load of third-party apps.
@ryanc Or, more broadly: 'What will the behaviour be of a user that doesn't think about these things'.
The canonical example is of security dialogs where users are trained to click 'okay' without reading them, but there are a lot more things related to defaults, positions of icons, and so on.
Unfortunately, the problem is usually not caused by people failing to think of these things. The problem is that the people that do think about these things do not have the interests of their users in mind. They are trying to manufacture consent for things that have negative impacts on their users.
Conversely, to your point, nobody needs to care why someone would do an SQLi.
But that’s exactly what I do care about in a threat model. For example, if my database is using access control that restricts the queries that a client can run to the set of things that are exposed, what extra rights can an attacker gain by injecting SQL? If I have an API that allows the client to submit SQL, and another that allows them to run pre-generated queries, and the second is vulnerable to SQL injection because the attacker could just use the same endpoint. In contrast, if I’m using the set of SQL queries that are run in my trusted component to restrict what the user can do, then I care a lot about SQL injection.
The key difference between these two cases is what the attacker is trying to achieve. Whether it’s tampering with other customers’ data, extracting trade secrets, or trying to find location data on another user to spy on them, the motivation of the attacker is key.
This is particularly true in a compartmentalised system. For a lot of the #CHERIoT work, we have compartments where we assume an attacker can get arbitrary-code execution. To reason usefully about security we have to think about what they want to achieve. Do you want to compromise the control-system logic? Do you want to join a botnet mounting a DDoS attack on other devices (and not care at all what this device is, just that it has a network connection)? This factors into high-level system design and lets you reason about what classes of attack are in scope and where we care about vulnerabilities.
@ryanc I'd include that under the heading of security. It's closely related to the 'can an attacker leak information from my smart device that tells them when my house is unoccupied' threat.
I'm still waiting for an organised crime syndicate to provide a service that aggregates a load of data from Facebook and similar to tell petty criminals which houses near them are unoccupied.
@ryanc The next 47 updates that Evri enthusiastically sends to the email that the sender did not have permission to share with them, in contrast, come across like a dystopian version of Kiki's Delivery Service.
I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the #CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the #CHERIoT Platform. I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler.