home.social

#cheribsd — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #cheribsd, aggregated by home.social.

  1. @liilliil I don't think mulit-user (as in concurrent users) per se isn't even a requirement for my personal fantasy ;-) .In that world you could have #HaikuOS with some kind of capability system (like #sculptos or #cheribsd) and make some decent, low-power consumer devices.

  2. @liilliil I don't think mulit-user (as in concurrent users) per se isn't even a requirement for my personal fantasy ;-) .In that world you could have #HaikuOS with some kind of capability system (like #sculptos or #cheribsd) and make some decent, low-power consumer devices.

  3. @liilliil I don't think mulit-user (as in concurrent users) per se isn't even a requirement for my personal fantasy ;-) .In that world you could have #HaikuOS with some kind of capability system (like #sculptos or #cheribsd) and make some decent, low-power consumer devices.

  4. @liilliil I don't think mulit-user (as in concurrent users) per se isn't even a requirement for my personal fantasy ;-) .In that world you could have #HaikuOS with some kind of capability system (like #sculptos or #cheribsd) and make some decent, low-power consumer devices.

  5. @liilliil I don't think mulit-user (as in concurrent users) per se isn't even a requirement for my personal fantasy ;-) .In that world you could have #HaikuOS with some kind of capability system (like #sculptos or #cheribsd) and make some decent, low-power consumer devices.

  6. Yay, #Morello machine updated, now running the latest #CheriBSD. It's been ages since I did a source upgrade of FreeBSD. Hopefully CheriBSD will get pkgbase support soon!

    #FreeBSD #CHERI

  7. Yay, #Morello machine updated, now running the latest #CheriBSD. It's been ages since I did a source upgrade of FreeBSD. Hopefully CheriBSD will get pkgbase support soon!

    #FreeBSD #CHERI

  8. Yay, #Morello machine updated, now running the latest #CheriBSD. It's been ages since I did a source upgrade of FreeBSD. Hopefully CheriBSD will get pkgbase support soon!

    #FreeBSD #CHERI

  9. Yay, #Morello machine updated, now running the latest #CheriBSD. It's been ages since I did a source upgrade of FreeBSD. Hopefully CheriBSD will get pkgbase support soon!

    #FreeBSD #CHERI

  10. Yay, #Morello machine updated, now running the latest #CheriBSD. It's been ages since I did a source upgrade of FreeBSD. Hopefully CheriBSD will get pkgbase support soon!

    #FreeBSD #CHERI

  11. The ‘security revenue addiction’ section in this WIRED article really struck home. I remember attending a talk by a new security VP at Microsoft who was talking about this revenue growth in after-market security products as if it were a good thing that customers needed to pay more to fix preventable issues in core products. It was then that I realised how hard it would be for Microsoft to push #CHERI. The cost of porting the Windows ecosystem across was large but the dent that it would put in that revenue stream was much larger.

    This is a problem for incumbents (see: the innovator’s dilemma). If you already have 90% of the market, most changes will, at best, do nothing to your market share. If you have 5% then you need only a small number of switchers from the dominant platform do double your market share.

    With the mature state of #CheriBSD (#FreeBSD for CHERI platforms), I think there’s a bit opportunity for another vendor to provide a CHERI solution and then pass the ‘must have two suppliers’ rule for requirements in government procurement.

  12. The ‘security revenue addiction’ section in this WIRED article really struck home. I remember attending a talk by a new security VP at Microsoft who was talking about this revenue growth in after-market security products as if it were a good thing that customers needed to pay more to fix preventable issues in core products. It was then that I realised how hard it would be for Microsoft to push #CHERI. The cost of porting the Windows ecosystem across was large but the dent that it would put in that revenue stream was much larger.

    This is a problem for incumbents (see: the innovator’s dilemma). If you already have 90% of the market, most changes will, at best, do nothing to your market share. If you have 5% then you need only a small number of switchers from the dominant platform do double your market share.

    With the mature state of #CheriBSD (#FreeBSD for CHERI platforms), I think there’s a bit opportunity for another vendor to provide a CHERI solution and then pass the ‘must have two suppliers’ rule for requirements in government procurement.

  13. The ‘security revenue addiction’ section in this WIRED article really struck home. I remember attending a talk by a new security VP at Microsoft who was talking about this revenue growth in after-market security products as if it were a good thing that customers needed to pay more to fix preventable issues in core products. It was then that I realised how hard it would be for Microsoft to push #CHERI. The cost of porting the Windows ecosystem across was large but the dent that it would put in that revenue stream was much larger.

    This is a problem for incumbents (see: the innovator’s dilemma). If you already have 90% of the market, most changes will, at best, do nothing to your market share. If you have 5% then you need only a small number of switchers from the dominant platform do double your market share.

    With the mature state of #CheriBSD (#FreeBSD for CHERI platforms), I think there’s a bit opportunity for another vendor to provide a CHERI solution and then pass the ‘must have two suppliers’ rule for requirements in government procurement.

  14. The ‘security revenue addiction’ section in this WIRED article really struck home. I remember attending a talk by a new security VP at Microsoft who was talking about this revenue growth in after-market security products as if it were a good thing that customers needed to pay more to fix preventable issues in core products. It was then that I realised how hard it would be for Microsoft to push #CHERI. The cost of porting the Windows ecosystem across was large but the dent that it would put in that revenue stream was much larger.

    This is a problem for incumbents (see: the innovator’s dilemma). If you already have 90% of the market, most changes will, at best, do nothing to your market share. If you have 5% then you need only a small number of switchers from the dominant platform do double your market share.

    With the mature state of #CheriBSD (#FreeBSD for CHERI platforms), I think there’s a bit opportunity for another vendor to provide a CHERI solution and then pass the ‘must have two suppliers’ rule for requirements in government procurement.

  15. The ‘security revenue addiction’ section in this WIRED article really struck home. I remember attending a talk by a new security VP at Microsoft who was talking about this revenue growth in after-market security products as if it were a good thing that customers needed to pay more to fix preventable issues in core products. It was then that I realised how hard it would be for Microsoft to push #CHERI. The cost of porting the Windows ecosystem across was large but the dent that it would put in that revenue stream was much larger.

    This is a problem for incumbents (see: the innovator’s dilemma). If you already have 90% of the market, most changes will, at best, do nothing to your market share. If you have 5% then you need only a small number of switchers from the dominant platform do double your market share.

    With the mature state of #CheriBSD (#FreeBSD for CHERI platforms), I think there’s a bit opportunity for another vendor to provide a CHERI solution and then pass the ‘must have two suppliers’ rule for requirements in government procurement.

  16. #CHERI all the way down (or up)!

    Or: The worlds most overengineered (but secure!) lightswitch!

    The #EclipseMosquitto MQTT server, running as a pure-capability #CheriBSD pure-capability binary on a Morello system, acting as the server component for an IoT system. Pure-capability programs run with hardware-enforced memory safety, with every pointer represented with a CHERI capability so even single-byte out-of-bounds errors will trap. The kernel is also built in this mode.

    I accidentally booted with the wrong kernel, so we don't have temporal safety on the server yet.

    On the client, we have a #CHERIoT system, where everything has spatial and temporal memory safety. This connects to the CheriBSD server and sends the state of the switches via MQTT and sets the LEDs on the board based on subscriptions to MQTT events. This all happens over TLS 1.2 with ECDSA.

    The network stack is compartmentalised. This demo includes 9 isolated compartments as well as several shared libraries, on a board with 256 KiB of (code + data) RAM, including a memory-safe shared heap.

  17. #CHERI all the way down (or up)!

    Or: The worlds most overengineered (but secure!) lightswitch!

    The #EclipseMosquitto MQTT server, running as a pure-capability #CheriBSD pure-capability binary on a Morello system, acting as the server component for an IoT system. Pure-capability programs run with hardware-enforced memory safety, with every pointer represented with a CHERI capability so even single-byte out-of-bounds errors will trap. The kernel is also built in this mode.

    I accidentally booted with the wrong kernel, so we don't have temporal safety on the server yet.

    On the client, we have a #CHERIoT system, where everything has spatial and temporal memory safety. This connects to the CheriBSD server and sends the state of the switches via MQTT and sets the LEDs on the board based on subscriptions to MQTT events. This all happens over TLS 1.2 with ECDSA.

    The network stack is compartmentalised. This demo includes 9 isolated compartments as well as several shared libraries, on a board with 256 KiB of (code + data) RAM, including a memory-safe shared heap.

  18. #CHERI all the way down (or up)!

    Or: The worlds most overengineered (but secure!) lightswitch!

    The #EclipseMosquitto MQTT server, running as a pure-capability #CheriBSD pure-capability binary on a Morello system, acting as the server component for an IoT system. Pure-capability programs run with hardware-enforced memory safety, with every pointer represented with a CHERI capability so even single-byte out-of-bounds errors will trap. The kernel is also built in this mode.

    I accidentally booted with the wrong kernel, so we don't have temporal safety on the server yet.

    On the client, we have a #CHERIoT system, where everything has spatial and temporal memory safety. This connects to the CheriBSD server and sends the state of the switches via MQTT and sets the LEDs on the board based on subscriptions to MQTT events. This all happens over TLS 1.2 with ECDSA.

    The network stack is compartmentalised. This demo includes 9 isolated compartments as well as several shared libraries, on a board with 256 KiB of (code + data) RAM, including a memory-safe shared heap.

  19. #CHERI all the way down (or up)!

    Or: The worlds most overengineered (but secure!) lightswitch!

    The #EclipseMosquitto MQTT server, running as a pure-capability #CheriBSD pure-capability binary on a Morello system, acting as the server component for an IoT system. Pure-capability programs run with hardware-enforced memory safety, with every pointer represented with a CHERI capability so even single-byte out-of-bounds errors will trap. The kernel is also built in this mode.

    I accidentally booted with the wrong kernel, so we don't have temporal safety on the server yet.

    On the client, we have a #CHERIoT system, where everything has spatial and temporal memory safety. This connects to the CheriBSD server and sends the state of the switches via MQTT and sets the LEDs on the board based on subscriptions to MQTT events. This all happens over TLS 1.2 with ECDSA.

    The network stack is compartmentalised. This demo includes 9 isolated compartments as well as several shared libraries, on a board with 256 KiB of (code + data) RAM, including a memory-safe shared heap.

  20. #CHERI all the way down (or up)!

    Or: The worlds most overengineered (but secure!) lightswitch!

    The #EclipseMosquitto MQTT server, running as a pure-capability #CheriBSD pure-capability binary on a Morello system, acting as the server component for an IoT system. Pure-capability programs run with hardware-enforced memory safety, with every pointer represented with a CHERI capability so even single-byte out-of-bounds errors will trap. The kernel is also built in this mode.

    I accidentally booted with the wrong kernel, so we don't have temporal safety on the server yet.

    On the client, we have a #CHERIoT system, where everything has spatial and temporal memory safety. This connects to the CheriBSD server and sends the state of the switches via MQTT and sets the LEDs on the board based on subscriptions to MQTT events. This all happens over TLS 1.2 with ECDSA.

    The network stack is compartmentalised. This demo includes 9 isolated compartments as well as several shared libraries, on a board with 256 KiB of (code + data) RAM, including a memory-safe shared heap.

  21. Ed Maste, Senior Director of Technology at The FreeBSD Foundation, discusses the rapidly-evolving interplay between hardware, cybersecurity, open source, and instruction set architectures.

    <hackernoon.com/the-cybersecuri>

    @emaste @FreeBSDFoundation

    Cc @josephholsten

    #RISCV #Arm #Morello #CHERI #CheriBSD #hardware #ISA #security #cybersecurity #University #Cambridge #SRI #FreeBSD

  22. Ed Maste, Senior Director of Technology at The FreeBSD Foundation, discusses the rapidly-evolving interplay between hardware, cybersecurity, open source, and instruction set architectures.

    <hackernoon.com/the-cybersecuri>

    @emaste @FreeBSDFoundation

    Cc @josephholsten

    #RISCV #Arm #Morello #CHERI #CheriBSD #hardware #ISA #security #cybersecurity #University #Cambridge #SRI #FreeBSD

  23. Ed Maste, Senior Director of Technology at The FreeBSD Foundation, discusses the rapidly-evolving interplay between hardware, cybersecurity, open source, and instruction set architectures.

    <hackernoon.com/the-cybersecuri>

    @emaste @FreeBSDFoundation

    Cc @josephholsten

    #RISCV #Arm #Morello #CHERI #CheriBSD #hardware #ISA #security #cybersecurity #University #Cambridge #SRI #FreeBSD

  24. Ed Maste, Senior Director of Technology at The FreeBSD Foundation, discusses the rapidly-evolving interplay between hardware, cybersecurity, open source, and instruction set architectures.

    <hackernoon.com/the-cybersecuri>

    @emaste @FreeBSDFoundation

    Cc @josephholsten

    #RISCV #Arm #Morello #CHERI #CheriBSD #hardware #ISA #security #cybersecurity #University #Cambridge #SRI #FreeBSD

  25. Ed Maste, Senior Director of Technology at The FreeBSD Foundation, discusses the rapidly-evolving interplay between hardware, cybersecurity, open source, and instruction set architectures.

    <hackernoon.com/the-cybersecuri>

    @emaste @FreeBSDFoundation

    Cc @josephholsten

    #RISCV #Arm #Morello #CHERI #CheriBSD #hardware #ISA #security #cybersecurity #University #Cambridge #SRI #FreeBSD

  26. Update: this week I saw @dexter post about #CheriBSD/CherIoT, @whitequark & @mntmn chat about #wasm on firmware/embedded, & @rsc post about #unix v6 wasm: research.swtch.com/v6/

    So apparently I have an assembler problem domain I’m interested in. Now I’ve just got to find an itch worth scratching, and get enough experience to find something interesting to do with a novel asm.

  27. Update: this week I saw @dexter post about /CherIoT, @whitequark & @mntmn chat about on firmware/embedded, & @rsc post about v6 wasm: research.swtch.com/v6/

    So apparently I have an assembler problem domain I’m interested in. Now I’ve just got to find an itch worth scratching, and get enough experience to find something interesting to do with a novel asm.

  28. Update: this week I saw @dexter post about #CheriBSD/CherIoT, @whitequark & @mntmn chat about #wasm on firmware/embedded, & @rsc post about #unix v6 wasm: research.swtch.com/v6/

    So apparently I have an assembler problem domain I’m interested in. Now I’ve just got to find an itch worth scratching, and get enough experience to find something interesting to do with a novel asm.

  29. Update: this week I saw @dexter post about #CheriBSD/CherIoT, @whitequark & @mntmn chat about #wasm on firmware/embedded, & @rsc post about #unix v6 wasm: research.swtch.com/v6/

    So apparently I have an assembler problem domain I’m interested in. Now I’ve just got to find an itch worth scratching, and get enough experience to find something interesting to do with a novel asm.

  30. Update: this week I saw @dexter post about #CheriBSD/CherIoT, @whitequark & @mntmn chat about #wasm on firmware/embedded, & @rsc post about #unix v6 wasm: research.swtch.com/v6/

    So apparently I have an assembler problem domain I’m interested in. Now I’ve just got to find an itch worth scratching, and get enough experience to find something interesting to do with a novel asm.

  31. Brooks Davis Creating a memory-safe workstation with CheriBSD

    #CheriBSD #BSD #BSDCan

  32. Brooks Davis Creating a memory-safe workstation with CheriBSD

    #CheriBSD #BSD #BSDCan

  33. Brooks Davis Creating a memory-safe workstation with CheriBSD

    #CheriBSD #BSD #BSDCan

  34. Brooks Davis Creating a memory-safe workstation with CheriBSD

    #CheriBSD #BSD #BSDCan

  35. Just finished reading an article about in the journal:

    freebsdfoundation.org/wp-conte

    Obviously, I want now an Morello system for added security :-) But at least I'd love to know the status of syslog-ng. Is it already aarch64c, or needs legacy support to run?