Open Fabs

Fri Jul 31 10:51:13 PDT 2015

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 07/30/2015 04:43 PM, Zenaan Harkness wrote:

> 1) Program full FLOSS stack for circuit/chip dev: # some starts: 
> apt-cache search circuit apt-cache search electron
> 
> 2) Start with one of the FLOSS CPUs, eg SPARC2, and divide and 
> conquer it's analysis audit.

That's been mentioned here serveral times.  Then someone else chimes
in with the injection of boobytrapped packages to ensure that designs
are automagickally tampered with or boobytrapped compilers (nevermind
that we have a workable way of detecting and mitigating the attack
(try it, it works!)).  Then someone else chimes in with "Well, we
can't even trust the FPGAs or the gate synthesis software for the same
reason."  This is yet another iteration of the same loop on this
mailing list.  It would be killfile-able if some of the basic terms
didn't change between iterations.

I suppose what I'm bitching about (and I've probably just faceplanted
by stepping into that particular pothole - it's my turn, I guess) is that
there seems to be no part of the threat model where risk is
acceptible.  I mean, going all the way back to hand-wired
electromechanical processors just to be able to bootstrap back to
silicon and losing 20-30 years of technical advancement?

Somewhere, we went way off course.  There is a saying: "Perfect is the
enemy of working."  I think that's where we as a group have lost our way.

The threats are known.  The risks are known.  Let's act.

- -- 
The Doctor [412/724/301/703/415] [ZS]

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

"Holy crap! What have I gotten myself into!?" --Adam Savage