and what is a news about this ? 99.99999999% of satellites are vulnerable to attacks doable by middleschool teenagers.
msot of traffic between satellite and earth is unencrypted ( RC4 like encryption is not encryption ), there are hundreds satellite listening stations all over the world.
for example "Abhörstation Königswarte" can listen to african presidents talking over satelite phones.
snowden leaks provided some info about collections thru these kind of stations. ( NOTHING in snowden leaks, showed to public, was unknown / not already opensource )
You'll need to have a good source on that because the majority of the latest satellites are using at least AES128 or better AES256 for this kind of stuff. Granted, a few of the implementations I have seen are a bit exotic and probably somewhat vulnerable, and the key management can be quite manual, but we are not at the middle school teenagers level anymore.
And I doubt very much that Starlink or OneWeb (OW is using AES256) satellites are that easy to hack, and they by themselves are most of the satellites.
Many satellites are also able to monitor contacts made from the ground and if someone is able to gain access to the communication stream, they'll quickly (within 10min) have to learn how to hack the onboard software to reset these monitors.
starlink can monitor your traffic in ground station.
so you do not need ground based listening station.
optical links still does not work what i know. it is kind of dumb relay ( atleast today )
darpa had program which wanted starlink like satellites used for military purposes, with sensors AND machine learning onboard, 400 km is not very far from earth either, so you do not need complicated sensors (optics..) to see / hear / feel / receive things + capability of computation ( ML filtering, ML recognition.. ) can provide you with very powerful platform. .
plus on top - with optical interconnects you can transmit data without touching "bad" side of globe XD
so with ESA putting this amount of (american made) computation, you can see where it is going.
im proponent of having telemetry not encrypted, we need this for same reason we use ADS/AIS
there are multiple "channels" from / to satellite. not all have to use consumer grade encryption.
some other comments provide link to mission statement, there you can read it was developed to do tests about spacecraft security, im not sure they ment computer security, tho. you can write ESA, you can find some ESA people on twitter even.
what i did / did not do in my free time, 15 years ago i do not want to talk.
is 20 year old tech hackable ? is not sourcable.
what is done to satellites is not really possible to source, people need to work.
and even bull is considered secret, proprietary etc....
for threat model:
hybrid war is "new".
" attacking infrastructure was considered war, full stop "
this changed for some reason.
american corporation have 4 pictures of "earth" everyday, in database, starting from 1996...
and still even today, you can point antenna up and capture geostationary satellite pictures, not in that resolution tho. ( NOAA / old russian meteo satellites - this was not in threat model. source is point antenna up)
im not talking about things like FLTSATCOM 7 and FLTSATCOM 8 which are known and covered by news.
im not confused about what is telemetry, control, data, transponder, etc
most nonmainstream things / themes are not "googleable". because hybrid war.
hobbysite from 20 years ago - cqham.ru has some articles about "downloading" nonencrypted traffic from satellites with for todays standard, primitive equipment
The specs are usually public for GEO meteo sats in particular (NOAA's, Elektro-L, etc), specifically for amateur enthusiasts to receive the photos; unencrypted downlink is easy with them. Controlling anything is another story.
so threat model for satellites is not what we thought.( as a public hollywood goers ). and even if satellite is "hardened" is hardened by obfuscation rather then technological mechanism ( even if it had technological anything in it, which they dont. most satellites are older then 20 years, anyway.... )
exactly,
it is not problem of making it slower / faster or which is slower/ faster.
BUT
that we use solutions across multiple problems instead providing solution specifically for that problem. if you have KNOWN vm, on KNOWN hardware then why you need all kinds of hardware and other bull.. initializations, checks.... ? just provide list of things it has to have then after list is run over without problem, continue. also why would amazon/gcp/azure care ? they are making money from you running inefficient solutions....
main point of running unixy stuff is exactly that i can mold my solution to specific problem EASILY. thats why it is so common in embedded market ( routers, kiosks,drones, car infotainment, TV... )
but question is,
is this solution for people running software on other peoples computers ?
or solution for running my own code on my own computer only ?
Does it matter? Running kernel pieces in userspace is useful in both directions (rather like docker), and in both cases we'd like it to run as quickly as possible.
For my particular case it's about something similar in purpose to sandboxing, but with providing the compartment (ie a process subtree) with an alternative kernel to talk to, to minimise the attack surface between that container and the host kernel.
OS should save all serial numbers of devices and after they are all found continue.
we should make it declarative or how do you want to call it.
also why cant freaking boot process be optimized after first boot?
bsd is essentialy sorting SAME thing every boot, THAT is ridiculous.
sort once, save order ( list, sysinit000000000000 ), boot fast next time.
hardware or other change or failed boot, can trigger start sorting bull for safety.
you know what youre booting into, so sort it once then run it from saved order next time. how many times you change hardware on computer ? and if you do, you can just restart with grub flag, toggle switch in control panel before restart, etc
The code to manage "do I sort or do I cache" is probably worse than the code to just sort it unconditionally.
And you really want to do this automatically, with no manual anything, because (among other reasons) if you need to swap a part on a broken machine, you do not want that to needlessly break the software. So you're sorting regardless, and so you might as well just be unconditional about it.
on my machine TPM is checking state of machine for security reasons, so if this runs ANYWAY then why not use that for one more useful thing ... ( it runs before even machine thinks about booting anything )
you can define shutdown flag for hardware change: shutdown -rF XD,
some things are hot swappable and for that there has to be logic (in kernel) to know you have new hardware...
if you have total hardware failure that can be detected too, on next boot...
That's nice way to add fuckloads of useless code while wasting memory and making now-read-only process into read-write process (kernel have no place to write cache before userspace initializes and sets up mounts and filesystems).
Windows XP had a tool called BootVis[1] that would try to optimize the startup sequence. Supposedly newer versions of windows do this sort of thing automatically.
I suspect much of the delay comes from the nature of plug-and-play. The OS has to poll every bus and every port to find every device, then query those devices to determine what they are, then load a driver and actually configure them. It simply can't rely on the hardware being exactly the same from one boot to the next.
im saying you can have two pathways, ( decision which route to choose is almost zero cost )
first - when you boot correctly, you can save information that you booted correctly.
second - if you do not find information about safe boot, you go old route, quicksort route.
( YES. you can do that, in a way you do not have loops of boot process because you are reading boot is ok even if it is not. just dont be lazy like linux kernel developers were, when i was telling them this exact thing few years back. )
"traditional" vendors provide ** in realms of Intelligence agencies..., so these "traditional" vendors are very hard to replace with open source variants.
just look what apple had to do just for example in terms of scanning all your pictures for ** or **, just to not to be ordered by federation to do things which are required to disclose to shareholders...
Which is nice, but doesn't really answer my question?
There's a tremendous usability difference between "X flops and all the different types of cores can read and write to unified memory with cache coherence" (as on Apple Silicon) vs. "X flops but you need to carefully orchestrate chunks of data in and out of local scratchpad buffers" (as on the Cell).
This is a somewhat misleading metric, seeing how FP64 compute isn't a priority for consumer GPUs. Still, it's great to see that at least some facet of modern GPUs can be replicated independently without using an ridiculously oversized die. There may yet be hope for some new GPU startup.
