faffolter has quit [Remote host closed the connection]
FRidh has quit [Ping timeout: 240 seconds]
FRidh has joined #nixos-security
cole-h has joined #nixos-security
red[evilred] has joined #nixos-security
<red[evilred]>
This solarwinds thing is making me think that we need to move to a data-plane and control-plane infrastructure as soon as possible
rajivr has quit [Quit: Connection closed for inactivity]
<ivan>
the SolarWinds thing makes me think about how we don't even match tarball contents to source repo contents
<gchristensen>
hm?
<red[evilred]>
?? that checksum isn't for file integrity?
<ivan>
it's harder to slip malware into a git repo than it is into a tarball with a 4MB configure script
<ivan>
yet we usually consume tarballs instead of git repos
<gchristensen>
eh that doesn't seem like a big deal to me, but sure
anselmolsm has joined #nixos-security
<red[evilred]>
Honestly -=- unless we get refcaps everywhere - supply-chain is really hard to fix
<red[evilred]>
(read: currently impossible)
julm has quit [Quit: Lost terminal]
julm has joined #nixos-security
ris has joined #nixos-security
<pie_>
what does this mean <red[evilred]> This solarwinds thing is making me think that we need to move to a data-plane and control-plane infrastructure as soon as possible
<pie_>
red[evilred]: are you __red__
justanotheruser has quit [Ping timeout: 272 seconds]
justanotheruser has joined #nixos-security
FRidh has quit [Quit: Konversation terminated!]
<red[evilred]>
yes and yes
<red[evilred]>
So, in higher security systems - the OS / Application doesn't have any ability to modify itself
justanotheruser has quit [Ping timeout: 272 seconds]
<red[evilred]>
to the point even where you needed to buy a second computer in order to control the first computer
<red[evilred]>
in cases where the planes were in different computers
<red[evilred]>
You'd configure your application, then power off the controller and it would just rup
<red[evilred]>
rip
<red[evilred]>
But - Harvard Architecture is probably the best place to start looking
<red[evilred]>
completely separate storage and signal paths for programs and data
<red[evilred]>
Basically - we need to remove the ability for the environment that executes your application to be able to modify itself
<red[evilred]>
and that's pretty much the exact opposite of most modern OSs
anselmolsm has quit [Remote host closed the connection]
anselmolsm has joined #nixos-security
<Foxboron>
ivan: Tarballs produced by git are reproducible. It should be perfectly fine to reproduce them.
<qyliss>
Foxboron: not necessarily
<qyliss>
there's a horrible git misfeature that makes them non-reproducible
<qyliss>
(I'm just trying to find it because I can't remember what it's called)
<Foxboron>
I mean, there are a lot of features that make stuff unreproducible :p which is why reprobuilds is important as an effort. But the point is that it can be done
<Foxboron>
So preferring git repos over tarballs seems like a moot point