Lennart Poettering on Nostr: npub1h3vuy…ys7xv sysexts have a much tighter security model than any other forms of ...
npub1h3vuymshqemngzxq4wqeqgcvjcrpqwed5h8rfrck6m84mwdd9sys7ys7xv (npub1h3v…s7xv) sysexts have a much tighter security model than any other forms of packaging/code distribution I am aware of, because of two fundamental features.
1. Signature validation is done by the kernel, hooked into the kernel keyring as our root of trust, instead of userspace.
2. Contents validation is done via dm-verity, i.e. offline safe on every single block we read.
Both of these concepts are *major* advancements over the status quo ante.
Published at 2024-11-04 07:55:01