• Re: IPV6 (Was "Notice tha

    From Dr. What@21:1/126 to tenser on Sat Feb 19 02:35:48 2022
    tenser wrote to McDoob <=-

    There's that. There's also this idea that tons of random
    code runs before the OS even loads; "secure boot" is a cute
    fiction with UEFI.

    My understanding is that it's even worse than that. From what I've read the UEFI boot process uses MS-DOS.

    But the only truthful sentence that includes the words "Microsoft" and "secure" is "Microsoft products are inherently not secure."


    ... Your weapon was made by the lowest bidder!
    ___ MultiMail/Linux v0.52

    --- Mystic BBS/QWK v1.12 A46 2020/08/26 (Linux/64)
    * Origin: bbs.alsgeeklab.com:2323 (21:1/126)
  • From tenser@21:1/101 to Dr. What on Sat Feb 19 03:44:28 2022
    On 19 Feb 2022 at 02:35a, Dr. What pondered and said...

    My understanding is that it's even worse than that. From what I've read the UEFI boot process uses MS-DOS.

    No, it does not. The confusion might come because by
    design, when an x86 CPU comes out of reset, it begins
    executing at code-boot reset vector in 16-bit real
    mode; often that's executing instructions directly from
    SPI-flash or something. The SEC phase code has to
    handle running in that constrained environment and
    getting the PEI running; that usually means turning on
    DRAM (on Intel, you do training here; AMD does that
    from the PSP), handling the A20 latch on the BSP, and
    getting into 32-bit protected mode, loading the PEI
    and jumping to it. From then on, it's mostly 32-bit
    until you get to DXE. PEI does a lot of platform-specific
    stuff, like enumerating APICs (CPUs), initializing
    buses, device configuration, and so on, then it loads
    and starts the DXE runtime, which remains resident even
    after the OS boots (the OS can make UEFI calls by jumping
    into DXE).

    MS-DOS isn't used at all here, but DXE applications
    often ship as Windows PE executables (which themselves
    are based on COFF, which came out of System V Unix).

    But the only truthful sentence that includes the words "Microsoft"
    and "secure" is "Microsoft products are inherently not secure."

    That's not true. MSFT has some really crackerjack people
    working on Windows, and has produced some very nice research
    work in security.

    --- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From McDoob@21:4/135 to Dr. What on Fri Feb 18 15:27:42 2022
    But the only truthful sentence that includes the words "Microsoft"
    and "secure" is "Microsoft products are inherently not secure."

    THIS! ^^^^

    McDoob
    SysOp, PiBBS
    pibbs.sytes.net

    --- Mystic BBS v1.12 A46 2020/08/26 (Raspberry Pi/32)
    * Origin: PiBBS (21:4/135)
  • From Dr. What@21:1/126 to tenser on Mon Feb 21 05:26:30 2022
    tenser wrote to Dr. What <=-

    MS-DOS isn't used at all here, but DXE applications
    often ship as Windows PE executables (which themselves
    are based on COFF, which came out of System V Unix).

    Good to know. When I played around in it, it had an MS-DOS look-and-feel to me (keep in mind that was only 1 system that FORCED me to have to deal with UEFI to get Linux loaded).

    That's not true. MSFT has some really crackerjack people
    working on Windows, and has produced some very nice research
    work in security.

    That may be the case. But there's only so much a great architect can do if the ground he's building on is weak.

    I've had to work with Windows for many decades now and while I've certainly seen improvement here, Windows "security" remains baroque and something tacked on afterwards.


    ... A nudist has no reason to fear a pickpocket.
    ___ MultiMail/Linux v0.52

    --- Mystic BBS/QWK v1.12 A46 2020/08/26 (Linux/64)
    * Origin: bbs.alsgeeklab.com:2323 (21:1/126)
  • From tenser@21:1/101 to Dr. What on Mon Feb 21 13:42:46 2022
    On 21 Feb 2022 at 05:26a, Dr. What pondered and said...

    Good to know. When I played around in it, it had an MS-DOS look-and-feel to me (keep in mind that was only 1 system that FORCED me to have to
    deal with UEFI to get Linux loaded).

    You mean the UEFI shell? I suppose that implements whatever
    look and feel the shell's implementors designed it to have.
    Sounds like it has some resemblance to DOS, which itself
    resembles CP/M and TOPS-10 in many ways. None of this stuff
    was born in a vacuum. DCL on RSTS/E on the PDP-11 looks
    like DCL on VMS on the VAX/Alpha/Itanium (and now x86!), but
    the implementations are quite different.

    That's not true. MSFT has some really crackerjack people
    working on Windows, and has produced some very nice research
    work in security.

    That may be the case. But there's only so much a great architect can do if the ground he's building on is weak.

    I've had to work with Windows for many decades now and while I've certainly seen improvement here, Windows "security" remains baroque and something tacked on afterwards.

    It could certainly be simpler, but the Windows code (by which
    I mean the kernel) is actually remarkably good.

    --- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)