Very exciting! Glad they’ve gone from potential vaporware to actually shipping boxes. Rare that vendors of non-x86 desktops make it that far. This also gives folks researching everything from concurrency to security potential to develop different solutions than what we’ve been seeing tied to x86. Most of them are doing ARM for obvious reasons but some on POWER could be interesting.
“though I would be remiss not to try to rebuild it from scratch at some point to personally audit it (since the NSA is probably all upin my bidness now for having purchased the thing). “
Far as high-security out of the box, I’m still dismissing all that for now given it’s:
A huge, black-box CPU from NSA’s favorite defense contractor that helped invent lots of codebreaking stuff with them.
Uses peripheral hardware and firmware from suppliers that have developed buggy firmware in the past to save bucks. The stuff is also complex enough to just have problems on its own. Who knows what people might find.
For most people, will likely use an OS certified to produce a stream of 0-days for NSA and less-resourceful hackers to use.
Was likely shipped to this person though companies that do interdiction for NSA.
You’re better off not even using computers for risky activities if you’re worried about well-funded attackers or domestic TLA’s. Others will likely get in due to complexity of target or brilliance of attackers. Same as x86 systems. The baseband situation could be an improvement depending on where attacks are found. There will also be an obscurity benefit to using POWER that many on PPC Macs are still enjoying to this day. Since attackers want most impact per vulnerability, most will ignore this box to focus on x86- or ARM-based systems. A few, security-focused OS’s also support POWER which gives people an option to improve that end of things, too.
I can’t pretend I understand much of his PowerPC writing but alone that he’s working all by himself on building/patching a browser to work on this platform is a massive amount of work, not to be understated. Kudos!
Oh yeah, I totally forgot the blog name was a browser I saw while back looking at PPC stuff. So, it’s that guy. Yeah, very impressive. classila’s opening paragraph also tells me it was an impressive achievement, too. I appreciate the reminder. I do have a G4 laptop sitting in the closet I could try them on at some point.
Another that’s not well-known was Lobo, a browser in Java. It was [further] proof one didn’t need unsafe languages for the job.
I didn’t know about Lobo, I’m currently enjoying netsurf. Besides working great on legacy hardware, Netsurf is secure through not having support (or at least extremely rudimentary) for javascript! ducks :)
That one is neat, too. Using subsets of current web like HTML 3.2, little CSS, and no Javascript was what I used to recommend for risk reduction where possible. I mean, no browsers at all if possible but simplest one you can use if necessary. This is pretty close. Also small enough for some embedded systems. I also like it has it’s own layout engine which gives a bit of diversity in a time when almost all browser projects are using just a few. I think Lobo did, too.
Very exciting! Glad they’ve gone from potential vaporware to actually shipping boxes. Rare that vendors of non-x86 desktops make it that far. This also gives folks researching everything from concurrency to security potential to develop different solutions than what we’ve been seeing tied to x86. Most of them are doing ARM for obvious reasons but some on POWER could be interesting.
“though I would be remiss not to try to rebuild it from scratch at some point to personally audit it (since the NSA is probably all upin my bidness now for having purchased the thing). “
Far as high-security out of the box, I’m still dismissing all that for now given it’s:
A huge, black-box CPU from NSA’s favorite defense contractor that helped invent lots of codebreaking stuff with them.
Uses peripheral hardware and firmware from suppliers that have developed buggy firmware in the past to save bucks. The stuff is also complex enough to just have problems on its own. Who knows what people might find.
For most people, will likely use an OS certified to produce a stream of 0-days for NSA and less-resourceful hackers to use.
Was likely shipped to this person though companies that do interdiction for NSA.
You’re better off not even using computers for risky activities if you’re worried about well-funded attackers or domestic TLA’s. Others will likely get in due to complexity of target or brilliance of attackers. Same as x86 systems. The baseband situation could be an improvement depending on where attacks are found. There will also be an obscurity benefit to using POWER that many on PPC Macs are still enjoying to this day. Since attackers want most impact per vulnerability, most will ignore this box to focus on x86- or ARM-based systems. A few, security-focused OS’s also support POWER which gives people an option to improve that end of things, too.
I can’t pretend I understand much of his PowerPC writing but alone that he’s working all by himself on building/patching a browser to work on this platform is a massive amount of work, not to be understated. Kudos!
I’ll be impressed if he gets any of his goals done. Browsers are massively complex. I’d not even attempt such a project alone.
Have a look at tenfourfox or classila and consider what you’ve just said.
Oh yeah, I totally forgot the blog name was a browser I saw while back looking at PPC stuff. So, it’s that guy. Yeah, very impressive. classila’s opening paragraph also tells me it was an impressive achievement, too. I appreciate the reminder. I do have a G4 laptop sitting in the closet I could try them on at some point.
Another that’s not well-known was Lobo, a browser in Java. It was [further] proof one didn’t need unsafe languages for the job.
I didn’t know about Lobo, I’m currently enjoying netsurf. Besides working great on legacy hardware, Netsurf is secure through not having support (or at least extremely rudimentary) for javascript! ducks :)
That one is neat, too. Using subsets of current web like HTML 3.2, little CSS, and no Javascript was what I used to recommend for risk reduction where possible. I mean, no browsers at all if possible but simplest one you can use if necessary. This is pretty close. Also small enough for some embedded systems. I also like it has it’s own layout engine which gives a bit of diversity in a time when almost all browser projects are using just a few. I think Lobo did, too.