Setting up PGP

[grarpamp]

Many corporates are fine with pulling down files
to a bastion host behind firewall and building
over to other non internet connected hosts from there.

Swapping random storage devices (that have own cpu + firmware)
among random machines, is probably more risk than an SCP
pull connection over lan. Reproducible builds from OS vendor site,
and friends East and West, can help verify the final pluggable
boot and run media before perma stuffing it in the system.
Then people play around with keygen, airgap, etc.

Given the hardware is all closed, and software is bloated,
cost to verify a system to any given book standard
quickly become moot vs risk.

Security is a continuum of tradeoffs, there are no absolutes.


Besides NSA, who has available protocols and data rates for...
'dd /dev/urandom /dev/LCDscreen' --> air --> 'dd /dev/camera /dev/null'

Somebody already did lavalamp datarates.
But the above is different camera target and use case.


New PCIe-USB port mashups... direct to
ram/cpu like old firewire... security insanity.


> if your main system were already infected?

Give it to Juan to smash with his ragehammer.