If you accept that _all_ vector spaces have a (Hamel) basis, you can then prove the Axiom of Choice: http://www.math.lsa.umich.edu/~ablass/bases-AC.pdf This means if you want to deny the Axiom in some cases, you will…
One thing that makes Secure Boot nice is how it (in theory) works _with_ measured boot. You get a measurement into the TPM that contains the public signing key that was used to verify the signature on your bootloader.…
Part of the issue with this MSI problem, is that the firmware also measures TPM events that say "Secure Boot is enabled with this configuration" even when it's not. These events are (almost always) used for FDE (via PCR…
I looked into this on my motherboard, and the issue is that MSI's firmware measures in the TPM events saying "Secure Boot is On", even when it is in this insecure mode. This means that even if Windows "checks" (via…
Whoops! You're right, instead of "successor" I should have just said "newer".
This is actually what the Precision Time Protocol (PTP) does. It's the successor to NTP, so it improves on some of NTP's mistakes. The protocol uses TAI, but also sends the TAI-UTC offset so the computer can display…
For future leap seconds, Google (including GCP) are planning to use a "standard" smear (https://developers.google.com/time/smear). This is also the same smear used by AWS. It seems like if the ITU decides to keep the…
One reasonable way to do this could involve running the reference TPM2 simulator [0] on the Arduino. It's just a C library that already implements all the cryptographic routines and TPM2 commands. In fact, this is…
As someone who's spent too much time with this stuff, you're correct. The TPM (either 1.2 or 2.0) is an entirely _passive_ chip. It only creates keys or measures data if the OS or UEFI asks it to. This means that it…
I don't think that Windows 11 requires any sort of EK cert at all. If they did, it would require them to restrict the TPMs to a list of "approved" vendors. In this case, they bought the actual TPM2 part of the chip from…
Shouldn't this be marked with (2014) as it was made at DebConf 14?
For point (2), Google did open source Bazel https://bazel.build/ which is essentially just the internal build system Blaze.
(Google employee here) If the change is small or can be automated (i.e. changing # of parameters or function names), we run a script to make the change over the entire monorepo. This enormous CL is then approved by one…
Personally, I would use an explicit non-commercial license in this case. WTFPL isn't a real license (and isn't considered open-source by OSI). Things like the AGPL and CC-BY-NC-* are actually written by lawyers and make…
> If a Google employee in their free time contributes to an AGPL project, that employee needs to open source all IP related to their contribution to the project. This isn't the problem. The reason for contribution bans…
So the issue isn't in-work hours vs off-work hours (as that line is fuzzy), but who owns the copyright. The above link [1] is for the automatic process where Google still owns the copyright (hence no AGPL or…
At Google, MPL (and other copyleft licenses) are OK for internal use and for external contributions. I think we have a mirroring system setup to automatically publish any internal changes. Edit: See…
As a current Google employee, the OSS contribution process has gotten way better. Basically, anything that is BSD/MIT/Apache/LGPL/GPL/EPL/MPL no longer needs approval. AGPL and the non-commercial licenses are still…
I think you would actually need Box<dyn Foo>. But the bigger point is that the current build system can't figure out that a rebuild isn't necessary in these cases.
If you're working on safety-citical software, I think using formally verified C code (as discussed in the article) would be the best approch. If a bug could kill someone, you should (to the greatest extent possible)…
Take a look at the dep[1] tool. It allows you to ship your project with all of its dependencies included. This means that only your source is needed to build your application/package. The Gopkg.toml/Gopkg.lock files in…
If you accept that _all_ vector spaces have a (Hamel) basis, you can then prove the Axiom of Choice: http://www.math.lsa.umich.edu/~ablass/bases-AC.pdf This means if you want to deny the Axiom in some cases, you will…
One thing that makes Secure Boot nice is how it (in theory) works _with_ measured boot. You get a measurement into the TPM that contains the public signing key that was used to verify the signature on your bootloader.…
Part of the issue with this MSI problem, is that the firmware also measures TPM events that say "Secure Boot is enabled with this configuration" even when it's not. These events are (almost always) used for FDE (via PCR…
I looked into this on my motherboard, and the issue is that MSI's firmware measures in the TPM events saying "Secure Boot is On", even when it is in this insecure mode. This means that even if Windows "checks" (via…
Whoops! You're right, instead of "successor" I should have just said "newer".
This is actually what the Precision Time Protocol (PTP) does. It's the successor to NTP, so it improves on some of NTP's mistakes. The protocol uses TAI, but also sends the TAI-UTC offset so the computer can display…
For future leap seconds, Google (including GCP) are planning to use a "standard" smear (https://developers.google.com/time/smear). This is also the same smear used by AWS. It seems like if the ITU decides to keep the…
One reasonable way to do this could involve running the reference TPM2 simulator [0] on the Arduino. It's just a C library that already implements all the cryptographic routines and TPM2 commands. In fact, this is…
As someone who's spent too much time with this stuff, you're correct. The TPM (either 1.2 or 2.0) is an entirely _passive_ chip. It only creates keys or measures data if the OS or UEFI asks it to. This means that it…
I don't think that Windows 11 requires any sort of EK cert at all. If they did, it would require them to restrict the TPMs to a list of "approved" vendors. In this case, they bought the actual TPM2 part of the chip from…
Shouldn't this be marked with (2014) as it was made at DebConf 14?
For point (2), Google did open source Bazel https://bazel.build/ which is essentially just the internal build system Blaze.
(Google employee here) If the change is small or can be automated (i.e. changing # of parameters or function names), we run a script to make the change over the entire monorepo. This enormous CL is then approved by one…
Personally, I would use an explicit non-commercial license in this case. WTFPL isn't a real license (and isn't considered open-source by OSI). Things like the AGPL and CC-BY-NC-* are actually written by lawyers and make…
> If a Google employee in their free time contributes to an AGPL project, that employee needs to open source all IP related to their contribution to the project. This isn't the problem. The reason for contribution bans…
So the issue isn't in-work hours vs off-work hours (as that line is fuzzy), but who owns the copyright. The above link [1] is for the automatic process where Google still owns the copyright (hence no AGPL or…
At Google, MPL (and other copyleft licenses) are OK for internal use and for external contributions. I think we have a mirroring system setup to automatically publish any internal changes. Edit: See…
As a current Google employee, the OSS contribution process has gotten way better. Basically, anything that is BSD/MIT/Apache/LGPL/GPL/EPL/MPL no longer needs approval. AGPL and the non-commercial licenses are still…
I think you would actually need Box<dyn Foo>. But the bigger point is that the current build system can't figure out that a rebuild isn't necessary in these cases.
If you're working on safety-citical software, I think using formally verified C code (as discussed in the article) would be the best approch. If a bug could kill someone, you should (to the greatest extent possible)…
Take a look at the dep[1] tool. It allows you to ship your project with all of its dependencies included. This means that only your source is needed to build your application/package. The Gopkg.toml/Gopkg.lock files in…