Ok, I went to a talk about Zephyr but it was actually a guy wearing a suit talking about how he couldn't get his proprietary FPGA toolchain to work, commenting that he knew about the free toolchain - just he didn't want to use it. It was a bit of a letdown and it feels like he maybe missed the audience profile. He also tried to plug some commercial offerings.
Anyway, now it's about kids designing and building airtag alternatives!
(if you're wondering how this works, it's a bit like LUKS - the TPM has a small, on-chip bit of cryptography and then all the private key material can be stored in bulk, anywhere, but is unusable without sending it to the TPM when you need it, where it will use the local crypto to decrypt the privkey, do the operation you needed it for, and then return only the result you requested before forgetting the cleartext private key from the TPM memory)
@lanodan (but yes, he did say as well that before anyone tried to steal his laptop, the keyfile pictured was from hardware he had not brought to the conference)
@lanodan TPMs (and also the keyfile like the one pictured) can be fitted out with PINs/passwords as needed. The keyfile on the slide was stripped of its password but has one in practice (though you need to wonder maybe why though)
@Mae@ubergeek the TPM specifically has a further major issue: that of being non-free hardware (and associated firmware). But instead of throwing away the good bits, we should instead drive at making it free - a RISC-V TPM with free firmware? This would be an amazing outcome. TPMs are good concepts - secure enclaves that are less attackable. Even if you need to comply or even give your laptop/hdd over, attackers will never be able to extract your privkey from it, and that's a good thing.
Ok - the chains that bind us, TPM, and a-moral software.
I strongly believe that software, as much as possible, should be without morals. In the same way that PostGIS can be used for humanitarian disasters, it can also be used to build surveillance databases. The same crypto that allows us to talk privately and with confidence in our partner can be used to sign firmware to prevent user control. @Mae@ubergeek
@Mae@ubergeek it's a difficult field to navigate, and there are definitely instances that are really fucking horrible, where free software can be used to abuse and oppress both users and bystanders. I don't think this makes those foundational technologies like databases or TPMs inherently a bad thing, but we do need to ensure they're free - for any purpose - and to absolutely stop at the social (moral, even!) level from the abuse of such tools.
And in this talk James puts his money where his mouth is, posting his kernel.org private key as a QR code. The catch? The private key content can only be decrypted and used in conjunction with the TPM on his laptop.
Starting my #fosdem thread here. I've already managed to get one of the gold dust "M" size hoodies, one of the last, as well as see some stuff about open transit.
For now, I'm at "vanilla Debian on an industrial embedded device".
@ubergeek the speaker covered this very briefly and I'm confident that it's not really true, but they are hard to use for more general usability issues than reasons of anti-user sentiment.
They absolutely _can_ be abused, but this isn't inherent to the TPM design but more like things such as TPM-using DRM or secureboot preventing loading a new OS.
"Journalctl is systemd’s much-maligned replacement for syslogs. Crusty old nerds like me are mad it’s not just a text file. But the binary format actually has a lot of advantages, you can efficiently do simple time and metadata queries. I also like the color pager it gives you. Now that I’ve learned a bit about the journalctl tool I like it more."
I feel like this is probably more common a story than people admit to, or will let themselves get into.