@divVerent @thor @inference That sounds pretty supportive of FLOSS. The statements about Windows and Apple are just mockery. Running from problems seems to be the path that both have taken but I will give Apple credit where it is due. When they swapped to the M1 it left me confused as to why. A mostly homogeneous ecosystem is going to be easier to maintain, optimize and provide a good experience. It's a pretty slick move by Apple.

The statement about Android being considered secure enough was only referring to Samsung devices with Knox being approved by the DoD for some applications. I don't think it lasted long.

@AmpBenzScientist @divVerent @thor

> The statement about Android being considered secure enough was only referring to Samsung devices with Knox being approved by the DoD for some applications. I don't think it lasted long.

Enter Google Titan M HSM.

In b4 you have no idea what I'm talking about.

@AmpBenzScientist @divVerent @thor Doesn't matter if it's ARM or RISC-V. Irrelevant, unless you're just part of the FOSS cult who can't tell what the word "security" really means. Hint: it's not "I can see the code".

I shouldn't drink Coca-Cola, because it's a proprietary recipe. In fact, I shouldn't eat any food, because how do I actually know the ingredients aren't lying? There is *always* trust. Period.

Coming from someone in the security field with years of work.

@inference @thor @divVerent @AmpBenzScientist if I want to feel secure I want to be able to see the code.

and YES, you shouldn't eat any food you don't know the contents of.
if a company is lying on the label then it may use something toxic that isn't approved by health regulators

@straw @thor @divVerent @AmpBenzScientist Tell me how I know the RISC-V chip is actually to the spec they claim. You can't do that unless you make your own, in your own fabrication plant.

Same as food. Do you have a way to analyse every ingredient in the packet?

@inference @thor @divVerent @AmpBenzScientist no, I don't have a way of doing that - which is why I cook food myself

@straw @thor @divVerent @AmpBenzScientist The lettuce you pick up from the store could have been dipped in cyanide for all you know.

@inference @thor @divVerent @AmpBenzScientist and yes this is exactly why I am in favor of self-sufficiency by growing your own produce 😎

@inference @divVerent @thor @straw Tell you how you would know? I wouldn't know how you would know. RISC-V is Open Source Licensed so a company can make a custom RISC-V processor without being sued. There is the difference in ISA. There are quite a few ways to figure out if it isn't what it is claimed to be.

The Titan M2 is not a pure RISC-V design but a custom design based on the RISC-V architecture. You should add RISC-V to your cult members because it is Open Source.

So why do you have such a negative view of FLOSS? I'm curious.

@inference @AmpBenzScientist @divVerent @thor and for this same reason I prefer not eating foods made by a third party, I prefer to cook myself to know the ingredients

@inference @thor @divVerent @AmpBenzScientist this is your twisted belief of how FOSS cultists think. we want freedom, we want to know what the software we're running does.

@inference@plr.inferencium.net "I can see the code" sure IS not security, but it can help.

In particular it can help me assess the actual security. Much better than "this is FedRAMP compliant so I need not care further".

If I don't do that, it may as well be closed though.

@divVerent Security is best done on production hardware and software binaries.

See:
https://seirdy.one/posts/2022/02/02/floss-security/

"- Source code describes what a program is designed to do; it is unnecessary and insufficient to determine if what it actually does aligns with its intended design.
- Vulnerability discovery doesn’t require source code."

"source unavailability doesn’t imply insecurity, and source availability doesn’t imply security. It’s possible (and often preferable) to perform security analysis on binaries, without necessarily having source code. In fact, vulnerability discovery doesn’t typically rely upon source code analysis."