good advice. i agree with the wait-and-see. i'm not convinced that this
issue is solvable.

using pip, npm and all the other ways of importing random code from
who-knows-where is insanity and plan9 systems (mostly?) avoid this practice.
having dedicated auth and fs servers (don't allow cpu'ing) and using
terminals for each user is a good practice.
a terminal on an affected processor can still compromise your factotum data
in memory. rpi3 is a safe choice and, for plan9, probably the best choice.



On Wed, Jan 10, 2018 at 8:59 AM, <cinap_len...@felloff.net> wrote:

> wait and see if all these scrambled together mitigations actually work.
>
> 9front is not in the business of selling shared computing environments
> (or sell executable javascript ads) to untrusted strangers.
>
> that was never really safe to begin with. there will be bugs in software
> and hardware. and there will be side channels.
>
> if you are concerned about security and leaks then run your authentication
> server on a dedicated box and applications on your own terminal.
>
> --
> cinap
>
>
