mstdn.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A general-purpose Mastodon server with a 500 character limit. All languages are welcome.

#auditability

LisPi<p>But if all (most) CPUs are FPGAs, how does one bootstrap and assume the payload is not malicious?<br><br>Programmers using discrete electronics and punched tape would be a human-auditable (if tedious) way of bootstrapping.<br><br>A minimum viable target &amp; programs for it to bootstrap everything else would be needed.<br><br>I consider this analogous to the <a class="hashtag" href="https://udongein.xyz/tag/guix" rel="nofollow noopener noreferrer" target="_blank">#Guix</a> bootstrap seed endeavor.<br><br><a class="hashtag" href="https://udongein.xyz/tag/fpga" rel="nofollow noopener noreferrer" target="_blank">#FPGA</a> <a class="hashtag" href="https://udongein.xyz/tag/bootstrap" rel="nofollow noopener noreferrer" target="_blank">#Bootstrap</a> <a class="hashtag" href="https://udongein.xyz/tag/bootstrapping" rel="nofollow noopener noreferrer" target="_blank">#Bootstrapping</a> <a class="hashtag" href="https://udongein.xyz/tag/cpu" rel="nofollow noopener noreferrer" target="_blank">#CPU</a> <a class="hashtag" href="https://udongein.xyz/tag/hardware" rel="nofollow noopener noreferrer" target="_blank">#Hardware</a> <a class="hashtag" href="https://udongein.xyz/tag/security" rel="nofollow noopener noreferrer" target="_blank">#Security</a> <a class="hashtag" href="https://udongein.xyz/tag/auditability" rel="nofollow noopener noreferrer" target="_blank">#Auditability</a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://cosocial.ca/@virtuous_sloth" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>virtuous_sloth</span></a></span> <span class="h-card" translate="no"><a href="https://beige.party/@TheBreadmonkey" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>TheBreadmonkey</span></a></span> I do agree on the fact that <a href="https://infosec.space/tags/auditability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>auditability</span></a> and <a href="https://infosec.space/tags/transparency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>transparency</span></a> are important! </p><ul><li>I'll gladly migrate to a better option if there is one!</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.nitrokey.com/@nitrokey" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>nitrokey</span></a></span> <a href="https://infosec.space/tags/NOICE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NOICE</span></a>! </p><p>After all, I'm a strong opponent of <a href="https://infosec.space/tags/blackbox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blackbox</span></a>|es in terms of <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITsec</span></a> and <a href="https://infosec.space/tags/Encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Encryption</span></a> and I do think that <a href="https://infosec.space/tags/transparency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>transparency</span></a> is necessary for real <a href="https://infosec.space/tags/auditability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>auditability</span></a>. </p><ul><li>Everything else is just <a href="https://infosec.space/tags/TrustMeBro" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TrustMeBro</span></a>-level of <a href="https://infosec.space/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> and I don't like that...</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://toot.io/@methuselah" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>methuselah</span></a></span> <span class="h-card" translate="no"><a href="https://social.glitched.systems/@froge" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>froge</span></a></span> precisely...</p><ul><li>Same with like <a href="https://infosec.space/tags/IRC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IRC</span></a>: They run even on really old systems barely siphoning resources... </li></ul><p>To me <a href="https://infosec.space/tags/Matrix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Matrix</span></a> feels really undercooked and half-baked compared even to shitshows like <a href="https://infosec.space/tags/Slack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Slack</span></a> and <a href="https://infosec.space/tags/Discord" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Discord</span></a>... 
</p><ul><li>Whereas <a href="https://infosec.space/tags/Zulip" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Zulip</span></a> has proven itself as a good solution, which I'd rather shove behind a <a href="https://infosec.space/tags/VPN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VPN</span></a> to add <a href="https://infosec.space/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> since for <a href="https://infosec.space/tags/organization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>organization</span></a>-based <a href="https://infosec.space/tags/chat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>chat</span></a> infrastructure, one may have to face strict <a href="https://infosec.space/tags/logging" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>logging</span></a> and <a href="https://infosec.space/tags/auditability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>auditability</span></a> requirements (Don't let me get started on <a href="https://infosec.space/tags/GoBD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoBD</span></a>)...<br></li></ul><p>OFC there is no <em>"one solution fits all"</em> because there are conflicting requirements for different use-cases...</p><ul><li>And my recommendations are based off given data like said requirements: Proper <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a> with self-custody of keys as well as per-session individual, non-persistent keys is inherently incompatible with mandatory <a href="https://infosec.space/tags/archival" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>archival</span></a> requirements in <a href="https://infosec.space/tags/businesses" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>businesses</span></a>...</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://hooves.social/@rayglittersoft" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>rayglittersoft</span></a></span> I mean, don't take every word of him at face value - he has some nuts loose...</p><p>Personally, I don't think <a href="https://infosec.space/tags/Bitcoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bitcoin</span></a> or <a href="https://infosec.space/tags/Ethereum" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ethereum</span></a> have a long-term future cuz they've got a very finite amount of coins and that makes them fall on their faces once the last has been mined.</p><p>Needless to say that every big purchase may fall under KYC &amp; AML and thus face the same scrutiny.</p><p>Fortunately, <a href="https://infosec.space/tags/Monero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Monero</span></a> does allow such <a href="https://infosec.space/tags/transparency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>transparency</span></a> and <a href="https://infosec.space/tags/auditability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>auditability</span></a> wherever needed or desired (aka. <a href="https://infosec.space/tags/ViewKey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ViewKey</span></a>) and the rest is just complying with <a href="https://infosec.space/tags/accounting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>accounting</span></a> and <a href="https://infosec.space/tags/bookkeeping" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bookkeeping</span></a> standards as relevant...</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://groupe-tazor.com/@Yuki" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Yuki</span></a></span> <span class="h-card" translate="no"><a href="https://linuxrocks.online/@BrodieOnLinux" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>BrodieOnLinux</span></a></span> As shit as RMS is, he's sadly right.</p><p>Needless to say, <span class="h-card" translate="no"><a href="https://mastodon.social/@cperciva" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>cperciva</span></a></span> will pretty much remind people that <em>"<a href="https://infosec.space/tags/SourceAvailable" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SourceAvailable</span></a>"</em> is NOT <a href="https://infosec.space/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> and that <a href="https://infosec.space/tags/Tarsnap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tarsnap</span></a>'s <a href="https://infosec.space/tags/SourceCode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SourceCode</span></a> is merely made available for <a href="https://infosec.space/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> and <a href="https://infosec.space/tags/auditability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>auditability</span></a> reasons as well as enabling people to build it for their (potentially weird) machine...<br><a href="http://tarsnap.com/open-source.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">http://</span><span class="">tarsnap.com/open-source.html</span><span class="invisible"></span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://wetdry.world/@esm" class="u-url mention">@<span>esm</span></a></span> I digress:</p><p>There are many good <a href="https://mstdn.social/tags/XMPP" class="mention hashtag" rel="tag">#<span>XMPP</span></a>-Clients like <a href="https://mstdn.social/tags/Profanity" class="mention hashtag" rel="tag">#<span>Profanity</span></a> (<a href="https://mstdn.social/tags/CLI" class="mention hashtag" rel="tag">#<span>CLI</span></a>), <a href="https://mstdn.social/tags/monoclesChat" class="mention hashtag" rel="tag">#<span>monoclesChat</span></a> (<a href="https://mstdn.social/tags/Android" class="mention hashtag" rel="tag">#<span>Android</span></a>) and <a href="https://mstdn.social/tags/Gajim" class="mention hashtag" rel="tag">#<span>Gajim</span></a> (<a href="https://mstdn.social/tags/Desktop" class="mention hashtag" rel="tag">#<span>Desktop</span></a>-<a href="https://mstdn.social/tags/GUI" class="mention hashtag" rel="tag">#<span>GUI</span></a>)...</p><p>And in terms of <a href="https://mstdn.social/tags/Organizations" class="mention hashtag" rel="tag">#<span>Organizations</span></a> that require <a href="https://mstdn.social/tags/Auditability" class="mention hashtag" rel="tag">#<span>Auditability</span></a>, the only good option I found is <a href="https://mstdn.social/tags/Zulip" class="mention hashtag" rel="tag">#<span>Zulip</span></a>, which has excellent <a href="https://mstdn.social/tags/Clients" class="mention hashtag" rel="tag">#<span>Clients</span></a> for <a href="https://mstdn.social/tags/Desktop" class="mention hashtag" rel="tag">#<span>Desktop</span></a> and <a href="https://mstdn.social/tags/Terminal" class="mention hashtag" rel="tag">#<span>Terminal</span></a> as well - tho sadly the latter one is written in <a href="https://mstdn.social/tags/Python" class="mention hashtag" rel="tag">#<span>Python</span></a> and not like a static binary...<br /><a 
href="https://github.com/zulip/zulip-terminal" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">github.com/zulip/zulip-termina</span><span class="invisible">l</span></a></p>
Cory Doctorow<p>Thus, "open AI" is best understood as "free product development" for large, well-capitalized AI firms, done by tinkerers who will not be able to escape these giants' proprietary compute silos and opaque training corpuses, and whose work product is guaranteed to be compatible with the giants' own systems.</p><p>The instrumental story about the virtues of "open" often invokes <a href="https://mamot.fr/tags/auditability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>auditability</span></a>: the fact that anyone can look at the source code makes it easier for bugs to be identified. </p><p>35/</p>
Nuno Facha :rubberduck: 🇵🇹<p><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> community, need suggestions :eyes_happy:</p><p>At work there are some generic emails like general@company.com, billing@company.com and so on,<br>These are all on <a href="https://infosec.exchange/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> <a href="https://infosec.exchange/tags/Gsuite" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Gsuite</span></a> </p><p>All have secure passwords and <a href="https://infosec.exchange/tags/twofactorauthentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>twofactorauthentication</span></a> shared via <a href="https://infosec.exchange/tags/bitwarden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bitwarden</span></a> with people that use them</p><p>I still don't like the idea of multiple people accessing the account and reducing the <a href="https://infosec.exchange/tags/auditability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>auditability</span></a> of who did what, for inbound email I can set up forwarding rules, but for them to send out email they still need to access the actual account, any better way to do it than this?</p>
Märt Põder<p>This individual vote verification tool for ongoing parliamentary elections in Estonia with its e-voting found its way into my digital democracy toolbox. We basically have individual verification for 30 minutes after submitting the ballot, but this tool lets you download the cryptogram, decrypt it and keep it for memory or later use. <a href="https://github.com/infoaed/kryptogramm" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="">github.com/infoaed/kryptogramm</span><span class="invisible"></span></a> <a href="https://mstdn.social/tags/evoting" class="mention hashtag" rel="tag">#<span>evoting</span></a> <a href="https://mstdn.social/tags/verification" class="mention hashtag" rel="tag">#<span>verification</span></a> <a href="https://mstdn.social/tags/auditability" class="mention hashtag" rel="tag">#<span>auditability</span></a> <a href="https://mstdn.social/tags/rk2023" class="mention hashtag" rel="tag">#<span>rk2023</span></a></p>