crote, 5 days ago:
Why do you trust your physical servers? Do you believe it is impossible for a backdoor to exist in the CPU's Management Engine? Do you inspect the contents of every single network packet entering and exiting? Do you have a way of blocking or inspecting all electromagnetic radiation? Confidential computing is trying to solve the very problem you are worried about. It is a way of providing compute as a service without the customer having to blindly trust the compute provider. It moves the line from "the host can do anything it wants" to "we're screwed if they are collaborating with Intel to bake a custom backdoor into their CPUs". To me that sounds like a very reasonable goal. Go much beyond that, and the only plausible attacker is going to be the kind of people who'll simply drag you to a black site and apply the big wrench until you start divulging encryption keys.
eqvinox, 5 days ago (reply to crote):
A physical server can use all the same mechanisms a VM in a cloud can use (worst case put your stuff in a single "confidential" VM), but can also rely on physical control of the machine. But there is no longer a 3rd party cloud operator in a pre-privileged position to exploit VMM or CPU vulnerabilities. It is essentially by definition more secure than a VM anywhere. I wouldn't "fully" trust it without going on-prem though. But trust isn't binary either; container < VM < hosted machine < on-prem machine. That's all there is to this.
Groxx, 5 days ago (reply to crote):
> [you already trust all these things, why do you think adding even more things you must trust makes it less trustworthy?]

is a kinda insane argument at even a surface level
Bender, 4 days ago (reply to crote):
HorseCookieRoadApples. If someone tampers with my servers I will instantly know and they will shortly thereafter be my mRNA volunteer test subjects. Do all servers have debug back doors? Of course they do. Every piece of hardware has some form of JTAG debugging that can bypass all aspects of security and magic math no matter what proprietary fancy name Stan the car salesman pushes. To access those debugging features they have to physically access my servers and that is not going to happen.