From: Jonathan Morton <chromatix99@gmail.com>
To: Mikael Abrahamsson <swmike@swm.pp.se>
Cc: "David P. Reed" <dpreed@deepplum.com>,
cerowrt-devel <cerowrt-devel@lists.bufferbloat.net>
Subject: Re: [Cerowrt-devel] security guidelines for home routers
Date: Tue, 27 Nov 2018 13:17:57 +0200 [thread overview]
Message-ID: <50C5F8A3-B052-49AE-886E-65352BF628A2@gmail.com> (raw)
In-Reply-To: <alpine.DEB.2.20.1811271204250.7766@uplift.swm.pp.se>
> On 27 Nov, 2018, at 1:07 pm, Mikael Abrahamsson <swmike@swm.pp.se> wrote:
>
> So we need to come up with a security regime that makes sense for the most amount of people, and then try to still cater to the ones who want to do more/less.
For most people, I think the "floppy disk" security model is usually appropriate - you can take your data out of your computer and put it in your pocket, where nobody can read it without physically stealing it from you first. Unfortunately it's hard to apply using modern technology and paradigms, which try to move your data out of your house entirely, for "convenience" (and to trawl through it for great profitssss).
This is also, for example, why IoT devices and voting machines built using modern technology are perpetually insecure and unsecurable.
Currently, the easiest way to build a machine that's *truly* secure is to take something like a 6502 (which is still being manufactured by WDC) and associated 74AHC-series logic chips, SRAMs and EEPROMs, a 4-layer PCBs, all of which are built on crude enough technology to be physically examined for backdoor devices in an airport-grade X-ray machine if necessary. Then write the necessary software in assembly, which can be translated to machine code (or at least verified) by hand if you're truly paranoid, and toggle it in byte by byte on the front panel.
Good luck getting a web browser running on one of those, though.
- Jonathan Morton
next prev parent reply other threads:[~2018-11-27 11:18 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-26 18:05 Dave Taht
2018-11-26 18:24 ` Sebastian Moeller
2018-11-26 18:35 ` Mikael Abrahamsson
2018-11-26 22:13 ` Sebastian Moeller
2018-11-27 11:03 ` Mikael Abrahamsson
2018-11-27 11:52 ` Sebastian Moeller
2018-11-27 13:34 ` Mikael Abrahamsson
2018-11-28 13:49 ` Sebastian Moeller
2018-11-27 18:23 ` valdis.kletnieks
2018-11-26 18:40 ` Dave Taht
2018-11-26 21:05 ` Toke Høiland-Jørgensen
2018-11-26 22:28 ` Sebastian Moeller
2018-11-27 0:29 ` David P. Reed
2018-11-27 11:07 ` Mikael Abrahamsson
2018-11-27 11:17 ` Jonathan Morton [this message]
2018-11-28 9:17 ` Michael Richardson
2018-11-28 9:14 ` Michael Richardson
2018-11-28 19:10 ` David P. Reed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50C5F8A3-B052-49AE-886E-65352BF628A2@gmail.com \
--to=chromatix99@gmail.com \
--cc=cerowrt-devel@lists.bufferbloat.net \
--cc=dpreed@deepplum.com \
--cc=swmike@swm.pp.se \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox