| - B[] (QUIT: Ping timeout: 268 seconds) (~Thunderbi@122-61-176-31-fibre.sparkbb.co.nz) | 00:02 | |
| - chomwitt (QUIT: Ping timeout: 246 seconds) (~chomwitt@2a02:587:dc3e:2a00:357a:dea1:fd85:24a1) | 01:13 | |
| swivel | mntmn: it would be neat if the reform 2 could include an embedded KVM for the display+keyboard, and out of the box be able to connect raspberry pi zero's to it and have a convenient way to switch between them from the keyboard or some switch somewhere | 06:03 |
|---|---|---|
| + jboubix (~jboubix@41.141.69.74) | 06:35 | |
| + chomwitt (~chomwitt@2a02:587:dc3e:2a00:f48c:13b4:43f4:5dd8) | 09:00 | |
| - slobber (QUIT: Ping timeout: 250 seconds) (~slobber@swift/alumni/slobber) | 10:00 | |
| + plomlomp0m (~plom@46.38.243.227) | 10:01 | |
| + andrej236 (~andrej@bob.askja.de) | 10:01 | |
| - chomwitt (QUIT: Ping timeout: 252 seconds) (~chomwitt@2a02:587:dc3e:2a00:f48c:13b4:43f4:5dd8) | 10:02 | |
| + slobber (~slobber@swift/alumni/slobber) | 10:04 | |
| - plomlompom (QUIT: Ping timeout: 265 seconds) (~plom@46.38.243.227) | 10:05 | |
| - andrej235 (QUIT: Ping timeout: 265 seconds) (~andrej@bob.askja.de) | 10:05 | |
| * plomlomp0m -> plomlompom | 11:41 | |
| mntmn | swivel, i have a deja vu from a HN thread | 11:46 |
| mntmn | swivel: also i don’t understand the use case. wanna explain? | 11:54 |
| mntmn | swivel: why not use ssh -X ? | 11:58 |
| - jboubix (QUIT: Remote host closed the connection) (~jboubix@41.141.69.74) | 12:04 | |
| + jboubix (~jboubix@41.141.69.74) | 12:05 | |
| - jboubix (QUIT: Remote host closed the connection) (~jboubix@41.141.69.74) | 12:15 | |
| + jboubix (~jboubix@41.141.69.74) | 12:15 | |
| + B[] (~Thunderbi@122-61-176-31-fibre.sparkbb.co.nz) | 13:14 | |
| - adjtm (QUIT: Ping timeout: 245 seconds) (~adjtm@207.red-83-37-51.dynamicip.rima-tde.net) | 14:11 | |
| + chomwitt (~chomwitt@2a02:587:dc3e:2a00:f48c:13b4:43f4:5dd8) | 14:25 | |
| - jboubix (QUIT: Remote host closed the connection) (~jboubix@41.141.69.74) | 14:59 | |
| + jboubix (~jboubix@41.141.69.74) | 15:05 | |
| swivel | mntmn: yeah i saw the hn thread too | 15:18 |
| - jboubix (QUIT: Remote host closed the connection) (~jboubix@41.141.69.74) | 15:21 | |
| swivel | mntmn: the way I imagine it is like having another computer that can be practically air-gapped inside the laptop, where all key material can be stored for stuff like gpg reading/writing gpg encrypted email and such, but you can conveniently switch to it via the embedded kvm in a way that the host computer has zero visibility into the decrypted communications | 15:26 |
| swivel | mntmn: but the RPi and imx could be connected over usb or something along those lines for exchanging ciphertext, and the imx would run software modified to do the handoff with the RPi in a streamlined way without having a full-blown network connection linking the RPi to the imx and greater internet | 15:29 |
| swivel | use case is things like journalists who need to use encryption and keep their keys and encrypted emails off the machine they use to browse the web etc. | 15:30 |
| + jboubix (~jboubix@41.141.69.74) | 15:31 | |
| swivel | sort of like having a computer in the corner of the room that you bring encrypted emails to ona floppy disk, read in plaintext there, write reply and encrypt it, write to the floppy disk, then bring the floppy disk back to your networked computer with the encrypted reply for sending back on the network | 15:32 |
| swivel | replace the floppy disk with a usb link, the separate monitors/keyboards with the reform's display/keyboard behind an embedded kvm | 15:32 |
| - jboubix (QUIT: Remote host closed the connection) (~jboubix@41.141.69.74) | 15:34 | |
| swivel | the RPi could be holding things like leaked govnmnt documents, you'd want it running FDE, the KVM enables you to switch to its console without your potentially compromised networked imx being in the loop when you boot the RPi and enter the FDE password for example | 15:35 |
| mntmn | swivel: why couldn't reform be this airgapped computer? | 15:35 |
| mntmn | i mean, why do you need an extra rpi for that? | 15:35 |
| swivel | the reform is the laptop you use to get online in this scenario | 15:36 |
| mntmn | if you're ok with console-level access to the pi, the reform 2 keyboard will be able to do this | 15:40 |
| mntmn | reform2 contains another ARM cortex-m0 that could be used for this as well... and the keyboard will include a tiny screen + dumb terminal | 15:40 |
| swivel | interesting | 15:41 |
| mntmn | like, the keyboard is able to work like a standalone serial terminal (with a very small screen though) | 15:41 |
| swivel | it's desirable to have it be on a removable SBC like a pi though, like for a journalist to be able to hand the sensitive pi to another journalist IRL for them to work with the material | 15:42 |
| mntmn | the big screen is connected via embedded displayport, i'm not sure if that is workable for something like a pi | 15:42 |
| swivel | ah | 15:42 |
| swivel | maybe there's a shield for the pi to connect edp? | 15:43 |
| Jookia | mntmn: that's super cool. would be good for secure password entry | 15:43 |
| mntmn | Jookia: hm, haven't thought about these kind of uses yet | 15:43 |
| swivel | it doesn't have to be a pi, the main reform feature I'm proposing is a kvm on the keyboard+display to facilitate this | 15:43 |
| mntmn | swivel: i'd say get two reforms, one airgapped, and just use the SD card slot :) | 15:44 |
| mntmn | or a reform that is airgapped + another device for going online | 15:44 |
| mntmn | i mean, it's easy to airgap because there is no hardwired wifi | 15:45 |
| mntmn | so by default it cannot connect to anything | 15:45 |
| mntmn | also doesn't have bluetooth | 15:45 |
| swivel | carrying around two laptops is a PITA | 15:45 |
| swivel | especially chunky ones like the reform | 15:45 |
| Jookia | swivel: do any other laptops have KVM | 15:45 |
| swivel | Jookia: not that I know of, it's a neglected use case | 15:45 |
| mntmn | ok, then just use the reform airgapped and use an android phone to exchange encrypted data from the sd card or usb stick with the internet | 15:46 |
| mntmn | or dual boot | 15:46 |
| mntmn | like, just keep the online OS on one sd card and the offline OS on another sd card | 15:46 |
| mntmn | you can set up reform in such a way that it doesn't carry any state between them | 15:47 |
| swivel | *sigh* | 15:47 |
| mntmn | swivel, why do you think that your solution is the one and only correct one? :) | 15:47 |
| mntmn | lets look at all the options first | 15:48 |
| mntmn | or lets put it like this: i think what you are describing is a different product | 15:49 |
| swivel | well, the kvm method supports more flexible use cases than just the journalist who may be willing to reboot every time they have to read/write sensitive emails and read leaks | 15:49 |
| mntmn | you are imagining a laptop form factor that is a KVM shell | 15:50 |
| mntmn | so this would be constructed differently, with a different mainboard | 15:50 |
| swivel | with a kvm that has a handful of ports you could realistically have a separate pi for what are essentially separate browser tabs | 15:50 |
| swivel | so like qubes but not even trusting the hypervisor | 15:50 |
| + jboubix (~jboubix@41.141.69.74) | 15:50 | |
| swivel | instead you trust the kvm | 15:51 |
| mntmn | why do you trust the kvm more than the hypervisor? | 15:51 |
| swivel | because the kvm is a simple physical switch routing the keyboard and display | 15:51 |
| mntmn | ok | 15:51 |
| mntmn | got it | 15:51 |
| mntmn | so the product is basically like a hub with multiple hdmi inputs? | 15:52 |
| swivel | yes, it's like a kvm box you'd have connected to your desktop computers and you select A/B/C/D etc. | 15:52 |
| swivel | hdmi/edp ports and USB/PS2 or whatever is common these days :) | 15:52 |
| swivel | so the only modification is adding the KVM switching circuit with an array of physical ports internal to the laptop, and some selector mechanism on the keyboard replacing the knob you'd normally have on an external switch box... Just an idea | 15:53 |
| mntmn | i mean yeah this would be doable as an alternative motherboard + ports farm in kinda the same shell i guess. | 15:53 |
| mntmn | yeah, got it | 15:53 |
| mntmn | now the question is how many people need this | 15:54 |
| Jookia | Would a physical switch work? It sounds like something you'd need a mux for | 15:54 |
| mntmn | there are hdmi switch chips, i even have some samples somewhere | 15:55 |
| - jboubix (QUIT: Ping timeout: 246 seconds) (~jboubix@41.141.69.74) | 15:55 | |
| Jookia | https://betrusted.io/ seems like something that would be better for this task | 15:56 |
| swivel | Jookia: well the more common use case I imagine is using the embedded pi for browsing porn sites, and maybe another for all online banking/trading etc. | 15:58 |
| + jboubix (~jboubix@41.141.69.74) | 15:59 | |
| swivel | then I'd go back t the imx for my default workflow personally, which is development tasks and I tend to have ssh keys galore there I don't want the machine I browse pornhub having access to etc. | 15:59 |
| Jookia | I think for now the best you could do is something like remote VNC | 16:00 |
| swivel | yeah I've done that already using the usbarmory, it still puts a lot of trust on the host since all typing and viewing goes through it unencrypted so not so good for sensitive communications | 16:03 |
| Jookia | I guess my main problem with the KVM idea is that I wouldn't trust sharing peripherals like that | 16:05 |
| mntmn | hm, i manually drilled two holes through a block of aluminum and screwed it to the imx8m som, that keeps it "cool" enough... so i have hopes for the finished passive cooler | 16:06 |
| swivel | Jookia: you don't trust the KVM switch to actually switch the links? | 16:06 |
| swivel | seems like a simple circuit... | 16:07 |
| Jookia | no, switch is fine but the peripherals still shared between the devices | 16:07 |
| Jookia | so keyboard/display | 16:07 |
| Jookia | (ignoring the kvm mux) | 16:07 |
| mntmn | i'm gonna make some example screenshots for reform2. is firefox an OK browser to show? is ublock origin an OK extension to have visible in its corner? ;) | 16:07 |
| swivel | mntmn: OK to me | 16:08 |
| Jookia | mntmn: yep. chromium is good too though i did see some flak by people who mistook it as chrome | 16:08 |
| mntmn | got some flak for having a chrome icon in the original reform photos | 16:08 |
| mntmn | haha exactly Jookia | 16:08 |
| mntmn | but it was my fault, i selected the chrome icon instead of chromium, even if it was chromium | 16:08 |
| Jookia | ah | 16:08 |
| mntmn | the chromium icon is blue | 16:09 |
| Jookia | can you even run chrome on the reform? | 16:09 |
| mntmn | hm, let me check | 16:10 |
| Jookia | maybe they have aarch64 binaries for it | 16:10 |
| swivel | Jookia: I think if you view it from the perspective of one-upping qubes in security, while also getting rid of all the hardware compatibility problems for passthru and related VM headaches, it looks like a worthwhile improvement - and there seems to be significant interest in qubes. | 16:10 |
| mntmn | btw someone here asked for http://dump.mntmn.com/reform2-cpuinfo.txt | 16:11 |
| Jookia | yeah but then we're just going to get a lot of security bugs found in embedded controllers | 16:11 |
| Jookia | mntmn: nice | 16:12 |
| Jookia | i'm kind of on the fence about aarch64 | 16:12 |
| swivel | 16.66 bogomips | 16:13 |
| mntmn | not sure what that means | 16:13 |
| Jookia | nothing | 16:13 |
| Jookia | kernel just leaves it there for people to show off | 16:13 |
| swivel | kinda meaningless but 16.66 is a pretty low value | 16:14 |
| mntmn | so what is it, meaningless or low | 16:14 |
| Jookia | it's the CPU speed of a busy loop | 16:15 |
| swivel | it's not supposed to be used for comparison of machines because it's bogus but still happens | 16:15 |
| Jookia | so technically the machine is slower at doing busy loops | 16:16 |
| swivel | https://en.wikipedia.org/wiki/BogoMips | 16:17 |
| Jookia | however, on ARM it might not be the CPU speed but instead a timer speed | 16:17 |
| Jookia | since ideally you don't want your CPU to do things in a busy loop | 16:17 |
| swivel | one of my rpi cams: | 16:18 |
| Jookia | so it measures the busy loop power usage too | 16:18 |
| swivel | BogoMIPS : 697.95 | 16:18 |
| Jookia | imx6 bogomips is 9 | 16:18 |
| Jookia | so it's a measure of how wasteful linux will be in a busy loop ;) | 16:19 |
| swivel | yeah, from the wikipedia link: | 16:20 |
| swivel | One side effect of this change is that the BogoMIPS value will reflect the timer frequency, not the CPU's core frequency. Typically the timer frequency is much lower than the processor's maximum frequency, and some users may be surprised to see an unusually low BogoMIPS value when comparing against systems that use traditional busy-wait loops. | 16:20 |
| Jookia | so basically measuring megahertz | 16:22 |
| - jboubix (QUIT: Remote host closed the connection) (~jboubix@41.141.69.74) | 17:19 | |
| + jboubix (~jboubix@41.141.69.74) | 17:21 | |
| + adjtm (~adjtm@5.red-88-1-143.dynamicip.rima-tde.net) | 17:41 | |
| - jboubix (QUIT: Remote host closed the connection) (~jboubix@41.141.69.74) | 18:06 | |
| + jboubix (~jboubix@41.141.69.74) | 18:07 | |
| + jboubix_ (~jboubix@41.141.76.120) | 18:41 | |
| - jboubix (QUIT: Ping timeout: 240 seconds) (~jboubix@41.141.69.74) | 18:42 | |
| + erlehmann (~erlehmann@46.114.32.163) | 20:00 | |
| + erlehmann_ (~erlehmann@46.114.38.181) | 20:15 | |
| - erlehmann (QUIT: Disconnected by services) (~erlehmann@46.114.32.163) | 20:15 | |
| * erlehmann_ -> erlehmann | 20:15 | |
| - erlehmann (QUIT: Disconnected by services) (~erlehmann@46.114.38.181) | 20:27 | |
| + erlehmann_ (~erlehmann@46.114.36.188) | 20:27 | |
| + erlehmann (~erlehmann@46.114.37.182) | 20:30 | |
| - erlehmann_ (QUIT: Ping timeout: 268 seconds) (~erlehmann@46.114.36.188) | 20:33 | |
| - erlehmann (QUIT: Remote host closed the connection) (~erlehmann@46.114.37.182) | 20:43 | |
| + erlehmann (~erlehmann@46.114.37.182) | 20:44 | |
| - erlehmann (QUIT: Remote host closed the connection) (~erlehmann@46.114.37.182) | 21:24 | |
| + erlehmann (~erlehmann@46.114.37.182) | 21:29 | |
| + erlehmann_ (~erlehmann@46.114.36.71) | 21:32 | |
| - erlehmann (QUIT: Disconnected by services) (~erlehmann@46.114.37.182) | 21:32 | |
| * erlehmann_ -> erlehmann | 21:34 | |
| - jboubix_ (QUIT: Remote host closed the connection) (~jboubix@41.141.76.120) | 22:26 | |
| + jboubix (~jboubix@41.141.76.120) | 22:27 | |
| - jboubix (QUIT: Read error: Connection reset by peer) (~jboubix@41.141.76.120) | 22:36 | |
| + jboubix (~jboubix@41.141.76.120) | 22:36 | |
| - jryans (QUIT: *.net *.split) (jryansmatr@gateway/shell/matrix.org/x-hrqsqawsbkupfdmy) | 22:48 | |
| - pinoaffe (QUIT: *.net *.split) (~root@2a01:4f8:1c0c:5c1a::1) | 22:48 | |
| + jryans (jryansmatr@gateway/shell/matrix.org/x-yeftwqhxvhiltoqh) | 22:49 | |
| + erlehmann_ (~erlehmann@46.114.32.57) | 22:49 | |
| - erlehmann (QUIT: Disconnected by services) (~erlehmann@46.114.36.71) | 22:49 | |
| * erlehmann_ -> erlehmann | 22:49 | |
| - jboubix (QUIT: Remote host closed the connection) (~jboubix@41.141.76.120) | 22:53 | |
| + pinoaffe (~root@2a01:4f8:1c0c:5c1a::1) | 22:54 | |
| + jboubix (~jboubix@41.141.76.120) | 22:54 | |
| - jboubix (QUIT: Remote host closed the connection) (~jboubix@41.141.76.120) | 22:55 | |
| + jboubix (~jboubix@41.141.76.120) | 22:55 | |
| + erlehmann_ (~erlehmann@46.114.38.188) | 23:05 | |
| - erlehmann (QUIT: Disconnected by services) (~erlehmann@46.114.32.57) | 23:05 | |
| * erlehmann_ -> erlehmann | 23:06 | |
| - erlehmann (QUIT: Ping timeout: 240 seconds) (~erlehmann@46.114.38.188) | 23:28 | |
| + erlehmann_ (~erlehmann@46.114.36.9) | 23:30 | |
| * erlehmann_ -> erlehmann | 23:30 | |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!