On 10/13/20, grarpamp <grarpamp@gmail.com> wrote:
Many corporates are fine with pulling down files to a bastion host behind firewall and building over to other non internet connected hosts from there.
Swapping random storage devices (that have their own cpu + firmware) among random machines is probably more risk than an SCP pull connection over lan. Reproducible builds from OS vendor site, and friends East and West, can help verify the final pluggable boot and run media before perma stuffing it in the system. Then people play around with keygen, airgap, etc.
What OS vendors provide reproducible builds?
Given the hardware is all closed, and software is bloated, cost to verify a system to any given book standard quickly becomes moot vs risk.
Security is a continuum of tradeoffs, there are no absolutes.
Multiply the estimated dangers, I suppose, and compare.
Besides NSA, who has available protocols and data rates for... 'dd /dev/urandom /dev/LCDscreen' --> air --> 'dd /dev/camera /dev/null'
Curious too. Here's what I have. There's some old existing work at https://github.com/xloem/qrstream in the 'Existing work' section. A glance at https://stephendnicholas.com/posts/quicker-video-qr-codes implies 43 KB/s. You can get much more if you use multiple colors and more math. All my links explaining the math, and the Java app that demo'd multichannel video with error correction, appear broken. It seems a product of the R&D put into the protocol and the resolution of the devices used, right now.
Somebody already did lavalamp datarates. But the above is different camera target and use case.
New PCIe-USB port mashups... direct to ram/cpu like old firewire... security insanity.
I infer this is normal now with USB3. So gpio pins, isolators, audio, video are the things to think about.
if your main system were already infected?
Give it to Juan to smash with his ragehammer.
This doesn't work at all when it's somebody's job to keep you monitored. You need a working system to do things while you resist around your ideals.
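As an added example (not code from this thread, nor from qrstream or the linked post), a constructed Python simulation of the screen-to-camera channel discussed in the 'dd /dev/urandom /dev/LCDscreen' exchange: it packs bytes into a grid of 1-bit (black/white) or 3-bit (RGB) cells, shows how the extra channels raise the net rate, and puts a CRC on every frame so a mis-read cell is rejected instead of being delivered to the air-gapped side. The 32x32 grid, 30 fps and the 8-byte framing are assumptions; a real receiver would add forward error correction rather than rely on re-sending frames.

```python
import struct
import zlib

def _bits(data):  # big-endian bit list of a byte string
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]

def _bytes(bits):  # inverse of _bits; a trailing partial byte is dropped
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits) - len(bits) % 8, 8))

def payload_capacity(cols, rows, bits_per_cell):
    """Payload bytes per frame after the 8-byte frame overhead (seq, len, crc32)."""
    return cols * rows * bits_per_cell // 8 - 8

def encode_frame(seq, payload, cols, rows, bits_per_cell):
    """Frame = [seq:2][len:2][payload][crc32:4] spread over cols*rows cells. A cell
    is a tuple of channel levels (0/255): 1 channel = black/white like a QR module,
    3 channels = one bit each on R, G and B, tripling the bits per cell."""
    if len(payload) > payload_capacity(cols, rows, bits_per_cell):
        raise ValueError("payload does not fit in one frame")
    body = struct.pack(">HH", seq, len(payload)) + payload
    bits = _bits(body + struct.pack(">I", zlib.crc32(body)))
    bits += [0] * (cols * rows * bits_per_cell - len(bits))  # pad with dark cells
    return [tuple(255 * b for b in bits[i:i + bits_per_cell])
            for i in range(0, len(bits), bits_per_cell)]

def decode_frame(cells):
    """Threshold each channel as a camera decoder would, rebuild the bytes and
    check the CRC. Returns (seq, payload), or None when the frame must be re-sent."""
    data = _bytes([1 if level >= 128 else 0 for cell in cells for level in cell])
    seq, length = struct.unpack(">HH", data[:4])
    if 8 + length > len(data):  # corrupted length field
        return None
    body, (crc,) = data[:4 + length], struct.unpack(">I", data[4 + length:8 + length])
    return (seq, body[4:]) if zlib.crc32(body) == crc else None

def throughput_bytes_per_s(cols, rows, bits_per_cell, fps):
    """Net payload rate if every frame decodes cleanly (no FEC, no retransmits)."""
    return payload_capacity(cols, rows, bits_per_cell) * fps

def demo():
    msg = b"constructed sample payload for the optical air gap"  # constructed input
    mono = encode_frame(7, msg, 32, 32, 1)  # 1024 cells, 1 bit each
    rgb = encode_frame(7, msg, 32, 32, 3)   # same grid, 3 bits per cell
    assert decode_frame(mono) == decode_frame(rgb) == (7, msg)
    # One mis-read cell (glare flips red): the CRC rejects the frame rather than pass corrupt data
    damaged = list(rgb)
    damaged[10] = (255 - damaged[10][0],) + damaged[10][1:]
    return (decode_frame(damaged),
            throughput_bytes_per_s(32, 32, 1, 30), throughput_bytes_per_s(32, 32, 3, 30))
```

`demo()` returns the rejected frame as `None` alongside the two net rates, 3600 B/s for the monochrome grid and 11280 B/s for the RGB grid at the same resolution and frame rate.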