1. 2

    I already dreamed about a keyboard more or less like this. I almost bought an old solution for mobile (it was supposed to be used with only one hand), after that I considered customizing a game controller to be used with only one hand. But it was too much trouble as I had to interact a lot with hardware, not only with software.

    1. 1

      Interesting. I am actually looking into this as a serious option. How far did you get?

      1. 2

        If I remember correctly, it wasn’t that easy to recognize multiple keys being pressed. I remember trying a lot of controller software for Windows without success. After a while I focused more on getting different keyboard shortcuts to automate some tasks, so I used AutoHotKey for it. With this I could create a workaround to press multiple keys as “modifiers” besides keys like ctrl, alt, etc. Check it out: https://github.com/JpOnline/AutoHotKey-script/blob/812fcb4c6d21130f2810a4b1d88d90472b080147/ahkScript.ahk#L11

        1. 1

          interesting will have a look!

    1. 4
      • Nice article – my custom keyboard is more of a 60% one, but it’s interesting to read the reasons for/against certain design decisions:

        For instance, I also shortened the right shift key to add this one additional key you need to have a key for each of the 30 letters of the German alphabet.

        Having 30 letters also allows dividing them nicely between the left and the right hand, and are easily distributed on the 3 rows: 15 letters on the left half, 15 letters on the right half; 10 letters on a row – perfect!

        I have written about the ideas that went into my design here: https://soc.me/hardware/keyboard-design

      • I also had the problem with where to place the arrow keys – I strongly prefer having them in a layout that physically reflects their direction, but this makes it hard to put it on either half of the keyboard without destroying the half-letters-left/half-the-letters-right property. For now, I have settled on putting arrow keys in the middle, but I’m aware that this is not a great place either for one-handed use.

      • One thing I’m not too optimistic about is the belief that adding layers or chording keys makes them as accessible as having a key for them.

        Just give it a try: switch the number-row from numbers-without-shift to numbers-with-shift and count the time you need until you are as fast as using the old way!

      • The next big evolutionary step I see in keyboard space is actually not the hardware itself, but improving the terrible software/protocol stack that runs the whole thing.

        E. g. in the year 2019 it should be possible to send Unicode over the wire. The current way of doing things is just mindbogglingly arcane and unnecessarily painful.

        Sadly I lack the time to learn how to write an implementation for the firmware (on keyboard) and a fitting device driver (for Linux). :-/

      1. 2

        Software is a big problem for me. Using a QMK board to send various Unicode symbols worked decently, but the tools on Linux for modifying what characters are sent when are all a mess.

        Similarly, switching key positions or uses is frustrating. I like to have the Control and Escape keys as the two either side of the space bar, with one also acting as Shift, and I know that this is possible because I once had a mess of xkb manipulation programs set up to get it to work - but because it’s not a standard modification (like making caps lock a control, for example) it really didn’t come easily, felt unstable, and hasn’t worked since reinstalling my OS.

        A shame there’s pretty much no financial incentive for hardware manufacturers to run all their keyboards through QMK or some similar firmware!

        1. 1

          mm I imagine

        2. 1

          in the year 2019 it should be possible to send Unicode over the wire

          The reason keyboards send scancodes instead of unicode is that it allows the OS to map keycodes to characters in any language, this way I don’t need to reflash my keyboard every time I want to change the language, or swap from Dvorak to Qwerty. I can just load a different mapping and that’s it.
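
          The point about layout-independent keycodes, as an added example that is not part of the original comment: a C sketch that reads USB HID boot-protocol keyboard reports (byte 0 modifiers, byte 1 reserved, bytes 2..7 usage IDs) and maps the same bytes through two host-side layouts. The capture, the function name `hid_capture_to_text` and the shift simplification are assumptions made for illustration.

          ```c
          #include <ctype.h>
          #include <stddef.h>
          #include <stdint.h>
          #include <stdio.h>
          #include <string.h>

          /* Usage IDs 0x04..0x1D are the 26 letter positions of a US keyboard.
           * Each table gives the character the host assigns to that position. */
          static const char QWERTY[] = "abcdefghijklmnopqrstuvwxyz";
          static const char DVORAK[] = "axje.uidchtnmbrl'poygk,qf;";

          #define MOD_SHIFT 0x22 /* bit 1 = left shift, bit 5 = right shift */

          /* Constructed capture: Shift+K down, all up, E down, E+Y down, all up. */
          static const uint8_t CAPTURE[5][8] = {
              {0x02, 0, 0x0E, 0, 0, 0, 0, 0},
              {0x00, 0, 0x00, 0, 0, 0, 0, 0},
              {0x00, 0, 0x08, 0, 0, 0, 0, 0},
              {0x00, 0, 0x08, 0x1C, 0, 0, 0, 0},
              {0x00, 0, 0x00, 0, 0, 0, 0, 0},
          };

          static int was_down(const uint8_t prev[8], uint8_t key)
          {
              for (int i = 2; i < 8; i++)
                  if (prev[i] == key) return 1;
              return 0;
          }

          /* Emits one character per newly pressed key. Simplification (assumption):
           * shift only upper-cases letters; keys outside a-z and space become '?'. */
          int hid_capture_to_text(const uint8_t (*reports)[8], size_t n,
                                  const char *layout, char *out, size_t cap)
          {
              uint8_t prev[8] = {0};
              size_t o = 0;
              for (size_t r = 0; r < n; r++) {
                  const uint8_t *rep = reports[r];
                  if (rep[2] == 0x01) continue; /* ErrorRollOver: too many keys, skip */
                  int shift = (rep[0] & MOD_SHIFT) != 0;
                  for (int i = 2; i < 8; i++) {
                      uint8_t k = rep[i];
                      char c;
                      if (k == 0x00 || was_down(prev, k)) continue; /* empty or held */
                      if (k >= 0x04 && k <= 0x1D) c = layout[k - 0x04];
                      else if (k == 0x2C) c = ' ';
                      else c = '?';
                      if (shift && isalpha((unsigned char)c))
                          c = (char)toupper((unsigned char)c);
                      if (o + 1 < cap) out[o++] = c;
                  }
                  memcpy(prev, rep, 8);
              }
              out[o] = '\0';
              return (int)o;
          }

          int main(void)
          {
              char a[16], b[16];
              hid_capture_to_text(CAPTURE, 5, QWERTY, a, sizeof a);
              hid_capture_to_text(CAPTURE, 5, DVORAK, b, sizeof b);
              printf("same bytes on the wire: qwerty=\"%s\" dvorak=\"%s\"\n", a, b);
              return 0;
          }
          ```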

          1. 1

            The reason keyboards send scancodes instead of unicode is that it allows the OS to map keycodes to characters in any language […]

            Let’s not pretend that the current state of the art is anything but an accident. Keyboards had a language id that could be set by the manufacturer and was supposed to be used to provide mappings automatically – without having to “configure your keyboard” on your computer.

            Manufacturers cheaped out on it, never set the byte to anything, and the rest is history.

            […] this way I don’t need to reflash my keyboard every time I want to change the language, or swap from Dvorak to Qwerty. I can just load a different mapping and that’s it.

            That’s an interesting use-case, but one I never had and will never have.

            I have my keyboard. I want the same letters to end up on the computer’s screen regardless of which computer I plug my keyboard into.

            I have all letters I’ll ever need mapped on my keyboard, so switching layouts is not necessary. By the way, are you using a keyboard with blank key caps? Can’t imagine switching layouts on a keyboard with printed letters.

            1. 1

              Keyboards had a language id that could be set by the manufacturer and was supposed to be used to provide mappings automatically

              Someone in Eastern Europe or Asia working on translations would have to buy a very expensive multi-language keyboard then or have two different ones. With the current system, all you need is a bunch of stickers and change a setting.

              Another thing, a keyboard with fixed unicode mappings could make it hard or impossible to remap keys for users with disabilities; the workaround, again, would be a more expensive device with remapping capabilities.

          2. 1

            Thank you very much!

            Would you be able to help me to analyze efficiencies of different keyboard layouts?

            You are absolutely correct about that you should be able to send UTF-8 codes by now!

            1. 1

              Would you be able to help me to analyze efficiencies of different keyboard layouts?

              I have actually no knowledge about this. :-) I think it’s very hard to even define what “efficiency” means in terms of typing.

              You are absolutely correct about that you should be able to send UTF-8 codes by now!

              For what it’s worth, I thought up some spec extension here: USB-HID Protocol Evolution. (Not that I think anything will happen with it.)

            2. 1

              Just give it a try: switch the number-row from numbers-without-shift to numbers-with-shift and count the time you need until you are as fast as using the old way!

              As I understand it layers are different to using shift+‘character’, and are fundamentally modal. This makes them several orders of magnitude easier to access compared to your example. For example, compare using the compose key to type out á versus the alt-gr method.

            1. 2

              I have a planck at home (non-split) and I actually like it quite a bit. It does make me wonder if I can go one level deeper with something like a gherkin (3x10). Then if that works well it begs the question to me, how deep can I go?

              1. 2

                I felt the Planck would be too little, and got a Preonic recently… Maybe it’s a gateway drug. :)

                1. 2

                  I use a Planck at work and at home. Keyboards now feel too big haha.

                  But honestly it took me a while to get used to it. It was not easy for me to get used to the numbers and symbols being on a different layer. But once you get used to it I feel like it’s hard to not have everything this way. To me, the Planck is a gateway drug to more Plancks :)

                  1. 1

                    yep it’s pretty chill. I can even game on it, which is wild to me. I’ve won games of apex legends with it lmao. I have custom gateron clears to have an activation curve and sound similar to topre. They were lying around from an input club k-type I had.

                1. 3

                  I’ve been very happy with this layout: http://www.keyboard-layout-editor.com/#/gists/cd5dbe9fdf697150ed10f0d14963ca7d

                  The blue key is a compose key, for things like é, ç, etc.

                  I like it a lot. That said, it took a lot of iterating though in order to have things like :=, =>, or even -> not be a complex chord to type. It’s easy to optimize for one thing at the expense of others, but over time I’m happy with the chords I ended up with. I’ve developed a sort of stress test whenever I decide to make changes.

                  1. 2

                    One change I have to make and haven’t yet is to add a ‘caps lock’ or ‘insert’ key: the built in screen reader on Windows is activated with either one of those. I’m leaning to using lshift + rshift.

                    1. 1

                      will have a look

                    1. 2

                      I just want a 90s Microsoft Natural keyboard (the one with the correct arrow layout) but with mechanical switches, and a detachable cable.

                      1. 2

                        Microsoft Natural keyboard

                        mm had one of those. Quite good actually. But quite large and the lack of wireless was a bit annoying.

                      1. 3

                        I use split ergonomic keyboards both at work and at home: https://github.com/omkbd/ErgoDash The repo contains all the files one needs to have the PCB and case plates fabricated (not my work).

                        I had the PCBs made at jlc pcb and soldered it all together at home, see: https://images.yourfate.org/#15521316686517 It runs QMK firmware: https://qmk.fm/

                        While it has more keys than a 40% I still use a lot of layered keys. My favorite layer feature is having a “numpad” on the right half of the board, with 456 being on jkl when I press a mod key on the other half. Makes entering many numbers very fast.

                        AMA I guess…

                        1. 3

                          I feel like it would be difficult to type on this if the two parts weren’t always the same distance apart and at the same angle of rotation. Do you find that you’re constantly making micro-adjustments to get the two parts into your preferred position?

                          1. 3

                            No, I actually sometimes move them apart to have stuff like documents, a notepad, or food between them. I can use them in lots of distances, as long as the angles of my wrists are right, which you can adjust on the fly.

                          2. 2

                            What do you think of the QMK firmware? Did you use a ready made solution before this?

                            1. 3

                              I like that in QMK I can easily remap keys and create new functions on layers. They have an online configurator where you can edit the layout to your liking and get a new firmware binary: https://config.qmk.fm/#/ergodash/rev1/LAYOUT

                              You can also edit the layout locally and compile it yourself, some advanced functions are not available in the configurator.

                              I have used many ready made keyboards before, but liked the idea of the ergodash. I’m very happy with these keyboards so far.

                            2. 2

                              Can you report on how painful it is to have the {/} and [/] keys split between the left half and the right half?

                              I experimented with similar designs here, but I was always concerned about this issue.

                              1. 2

                                I have them somewhere else. I have them on a layer on P and the button to the right of it. I press the layer button on the left half, then P and the button to the right of it are [].

                                This works nicely for me. In general I have my layout set up so that it’s always the opposite hand pressing the layer button (i.e. left hand switching layers for the right hand and vice versa).

                                If you’re interested, my config.json is here: https://gitlab.com/youRFate/keymaps/blob/master/ergodash/layers.json

                                You can dl it and plug it into https://config.qmk.fm/ to see the layers etc.

                                1. 2

                                  I have ([{/}]) on separate hands, it needs a little getting used to, but once that happens, it’s very, very nice to have them that way.

                                  It’s only a problem when one of your hands is mousing, but for that, I have a trackball between the halves, so very little hand movement is required between keyboard and ball, and thus, no real issue with hitting either part of the pair.

                              1. 2

                                Wouldn’t there be paid programmers working on musl already? You know as how the majority of linux patches comes from professionals? In comparison V-lang is not even out yet.

                                1. 18

                                  I’m working on a post describing the time system of TempleOS. It’s a very interesting thing. The documentation for it is actually somewhat wrong, it doesn’t have sub-second resolution like it claims. I’m gonna walk through how the code works as well as how to interface with the real time clock.

                                  1. 4

                                    can’t wait. So you basically only have POSIX time() to work, with returning the time as integers counting seconds?

                                    1. 4

                                      From what I’ve dug into so far, yes. I am pretty sure that there’s a higher resolution timer because of the 3D rendering stuff in TempleOS, but I think that might end up using the processor timers instead of the system ones.

                                      1. 4

                                        Yeah you’re right that it wouldn’t work without a timer.

                                        Is the timer code written in assembly or holy-C?

                                        1. 3

                                          I’m fairly sure it’s HolyC, but I need to dig more into things.

                                          1. 3

                                            How did you notice that it doesn’t support sub second resolution?

                                            1. 3

                                              Here is the code to read the time from the CMOS Real-Time Clock. Here is the structure it reads into. Note that it doesn’t populate the first two struct fields (b[0] and b[1] respectively in KDate.HC function NowDateTimeStruct). I am not sure how these are used yet, but I need to do more looking into the code.

                                              1. 2

                                                Seems like you are right, should be sec10000 and sec100 right? Whatever that means, maybe on account of being BCD coded?

                                                Have you found any timing code elsewhere that uses sub second timing?

                                                1. 1

                                                  Not yet!

                                    2. 2

                                      Where will you be posting it? I’d like to read that. I’m interested in learning from TempleOS’s interactive editor and shell, but I haven’t spent time to set it up yet in a VM. TempleOS is probably a treasure trove of little bits that we could learn from.

                                      1. 3

                                        my bet would be this: https://christine.website/

                                        1. 3

                                          I’ll also post it here!

                                    1. 4

                                      Quit and decided to do whatever I felt like. Don’t feel bad about it as there is plenty of potential of it helping someone in need, all the results being open source … Not for the faint of heart perhaps, sucks being broke all the time but it beats existential despair and depression from working yourself half to death for a job that means nothing to you :D

                                      1. 1

                                        Thank you! I hope you can keep it up. 3 months ago, I am not sure I would have agreed with you that being broke is better, but I am starting to come around.

                                      1. 5

                                        Gonna finally take a serious look at Nim now that they have released something that might soon become a release candidate for 1.0. I’ve been looking at them for longer than I can remember, but never really dove in. I don’t fully understand why I haven’t done that until now, but perhaps I just need the hype that Nim’s lacking :-/

                                        I might attempt to clone PugSQL to Nim to motivate learning the language.

                                        Fantasizing about starting a blog again, possibly using Hugo.

                                        Also enjoying the Finnish midsummer at the summer cottage with family.

                                        1. 2

                                          Nim is great fun, spent like 2 months with the language. Well documented and a good community.

                                        1. 3

                                          Working on a follow up to my 0-learning curve chord demo, namely a 0-learning curve morse demo. Not necessarily a practical plan but trying to generalize things as far as you can might pay off elsewhere…

                                          Long term I’m hoping to find clues on:

                                          • helping the disabled
                                          • smartphones and tablets usable for work
                                          • text entry in VR/AR

                                          Along with the ideas of Universal Design, optimizations made for extreme cases can lead to improvements all across the spectrum.

                                          Chord demo, which I am hopeful of. Too early to say but trained stenographists do >200wpm, so worth a shot. Early limited demo http://tbf-rnd.life/blog/2019/06/16/0-learning-curve-chorded-typing/

                                          1. 2

                                            So this is for an online dot net demo IDE. Expected something more crazy.

                                            1. 2

                                              Yeah. the root cause appears to be cross-compiling through WASM or asm.js and not using console.log for printing stuff but the actual window.print() function (which triggers the print dialog).

                                            1. 1

                                              Care to share what ideas you want to play around with?

                                              1. 1

                                                oh I had this idea of using git metadata to generate RSS feeds.

                                                1. 1

                                                  I really like this concept, and nice job on the initial implementation! Now I want some bluetooth-enabled chorded keyboard hardware!

                                                  A couple comments: I find the thumb button being drawn inline with the others confusing. I think it would be more clear if the visual layout matched actual layout.

                                                  Also, the prediction is not very prominent. I’m not sure how best to improve that, though.

                                                  Finally, for me, it would probably be more clear if the letters were laid out as a QWERTY keyboard. I’m so used to looking at one on touchscreens, that it would be easier to find the letter I want next.

                                                  Keep up the good work!

                                                  P.S. your “Become a Patron” buttons/links are not actually links.

                                                  1. 1

                                                    I did have thoughts on displaying the thumb as subscript, i.e. a bit further down. But forgot, thank you for remembering.

                                                    The prediction is a 5-gram PPM on a single wikipedia article. So simply giving it more data would go a long way.

                                                    Good suggestion about presenting it as a QWERTY keyboard. Now it’s done as a recursive z - map. Meant to be a space filling curve. So that numbers and close letters become close in 2d.

                                                    thanks for the feedback and the info on the links

                                                    https://www.patreon.com/TBF_RnD

                                                    1. 1

                                                      On prediction, I was commenting specifically on how the predicted letters don’t stand out much. You might consider giving more of a color/brightness contrast, instead of size. And maybe just a few letters should have significant contrast, instead of it being a somewhat linear highlighting distribution.

                                                      1. 1

                                                        Yes, I’m not entirely happy with them either. Let’s see what I can do.

                                                        Yeah only like 20 % should be more visible or so.

                                                        My earlier experiments got much better results in this aspect

                                                        sigma.eruditenow.com tree-board in particular

                                                        Fun fact: one experiment on this made it possible to type Chinese in the game setting at 20 wpm or so (that is 3000 symbols) so it is a very powerful approach

                                                        1. 1

                                                          But you see that the colors change right? The original color and white doesn’t have that big a distance between them.

                                                          Got better results with my sigma.eruditenow.com experiment tree board in particular.

                                                          https://www.bitchute.com/channel/eruditenow/

                                                          1. 1

                                                            Yeah, there’s just not that much of a contrast.

                                                            1. 1

                                                              will take into account for next experiment. Subscribe to http://tbf-rnd.life/feed to stay up to date

                                                    1. 1

                                                      s/invreased/increased/

                                                      1. 2

                                                        Thank you!

                                                      1. 1

                                                        Anyone have experience of doing this on Android?

                                                        1. 1

                                                          Who needs LaTeX when LibreOffice runs native on your Java-based phone?

                                                          1. 1

                                                            Someone who wants to use mathematical symbols without being driven to the brink of suicide perhaps?

                                                        1. 9

                                                          Working on a morse code “driver” for a weird project i’m working on. A bunch of us are collaborating on esoteric input devices. Fun project

                                                          Right now i have raw “morse” output working and am working on mode switching (think Vim) to swap between morse output, ascii output and “command” mode.

                                                          https://github.com/zpeters/morsedriver

                                                          https://www.youtube.com/watch?v=Mto-5MXPKlI

                                                          1. 4

                                                            Awesome project! Have you experimented with Morse code input? Years and years ago (maybe 8-9 years) I was looking into a communications project that did not have a keyboard but relied on Morse code input. I never got it working, because humans can understand Morse at basically any speed and cadence and figure out the meaning, but I couldn’t get efficient enough code on an Arduino to differentiate between a brief pause and a dah, or properly handle different input speeds.

                                                            1. 1

                                                              Sorry, i don’t login on lobste.rs too often.

                                                              Coincidentally, i’ve been working on this some more recently with a group of folks researching “esoteric” input devices. I agree the timing is kind of a killer, ideally i think you need something that adapts as the user’s skill increases. I’m very bad.

                                                              I wrote a morse code “driver” for arduino (teensy specifically) that has different “modes”. There is one mode that outputs “.” (dit), “-” (dah) and “/” (space between words), then i have a mode for ascii output and one for “command mode” - https://github.com/zpeters/morsedriver

                                                              If you are interested in this sort of stuff, i’m working with a group on “Project Alpha” (probably needs a better name). Here is the main project site. Hit me up if you’d like to contribute. We have folks from all sorts of backgrounds (coding and not). - http://tbf-rnd.life/

                                                              Cheers
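
                                                              The timing problem discussed in this exchange, as an added example that is not part of either post and is not code from the morsedriver project: a C sketch that estimates the dit length from the key-down durations themselves (1-D two-means clustering) instead of using a fixed threshold. The sample timings, function names and the 2x/5x unit thresholds are assumptions; standard 1:3:7 Morse ratios are assumed.

                                                              ```c
                                                              #include <stdio.h>
                                                              #include <string.h>

                                                              /* International Morse for A..Z; '.' = dit, '-' = dah. */
                                                              static const char *MORSE[26] = {
                                                                  ".-", "-...", "-.-.", "-..", ".", "..-.", "--.", "....", "..", ".---",
                                                                  "-.-", ".-..", "--", "-.", "---", ".--.", "--.-", ".-.", "...", "-",
                                                                  "..-", "...-", ".--", "-..-", "-.--", "--.."
                                                              };

                                                              /* Constructed samples: durations in ms, alternating key-down, key-up, ...
                                                               * FAST is "IT IS" keyed at about 60 ms per unit, SLOW is "SOS" at about 220 ms. */
                                                              static const int FAST_IT_IS[15] = {62, 58, 55, 190, 175, 430, 60, 57, 61,
                                                                                                 170, 64, 56, 58, 59, 61};
                                                              static const int SLOW_SOS[17] = {230, 215, 210, 225, 225, 640, 650, 220, 690,
                                                                                               230, 640, 700, 220, 210, 235, 225, 215};

                                                              static char lookup(const char *sym)
                                                              {
                                                                  for (int i = 0; i < 26; i++)
                                                                      if (strcmp(sym, MORSE[i]) == 0) return (char)('A' + i);
                                                                  return '?';
                                                              }

                                                              /* Estimate the unit (dit) length from the key-down durations only. */
                                                              static double estimate_unit(const int *d, int n, double prev)
                                                              {
                                                                  double lo = 1e9, hi = 0.0;
                                                                  if (n <= 0) return prev;
                                                                  for (int i = 0; i < n; i += 2) {
                                                                      if (d[i] < lo) lo = d[i];
                                                                      if (d[i] > hi) hi = d[i];
                                                                  }
                                                                  if (hi < 2.0 * lo) {
                                                                      /* Only one kind of mark present: ambiguous, so fall back on the
                                                                       * previous estimate to decide whether these are dits or dahs. */
                                                                      double mid = (lo + hi) / 2.0;
                                                                      return mid > 2.0 * prev ? mid / 3.0 : mid;
                                                                  }
                                                                  for (int iter = 0; iter < 8; iter++) { /* two-means: dits vs dahs */
                                                                      double mid = (lo + hi) / 2.0, sl = 0, sh = 0;
                                                                      int nl = 0, nh = 0;
                                                                      for (int i = 0; i < n; i += 2) {
                                                                          if (d[i] < mid) { sl += d[i]; nl++; } else { sh += d[i]; nh++; }
                                                                      }
                                                                      lo = sl / nl; /* both clusters always hold min and max respectively */
                                                                      hi = sh / nh;
                                                                  }
                                                                  return (lo + hi / 3.0) / 2.0; /* a dah is three units long */
                                                              }

                                                              /* Decode into out (cap >= 1). adapt = 0 keeps *unit fixed, adapt = 1
                                                               * re-estimates it from this input. Returns the number of characters. */
                                                              size_t morse_decode(const int *d, int n, double *unit, int adapt,
                                                                                  char *out, size_t cap)
                                                              {
                                                                  char sym[8] = "";
                                                                  size_t len = 0, o = 0;
                                                                  if (adapt) *unit = estimate_unit(d, n, *unit);
                                                                  double u = *unit;
                                                                  for (int i = 0; i < n; i++) {
                                                                      int gap = i % 2;
                                                                      if (!gap && len < sizeof sym - 1) {
                                                                          sym[len++] = d[i] < 2.0 * u ? '.' : '-';
                                                                          sym[len] = '\0';
                                                                      }
                                                                      if ((gap && d[i] >= 2.0 * u) || i == n - 1) { /* letter finished */
                                                                          if (len && o + 1 < cap) out[o++] = lookup(sym);
                                                                          len = 0;
                                                                          sym[0] = '\0';
                                                                      }
                                                                      if (gap && d[i] >= 5.0 * u && o + 1 < cap) out[o++] = ' '; /* word */
                                                                  }
                                                                  out[o] = '\0';
                                                                  return o;
                                                              }

                                                              int main(void)
                                                              {
                                                                  char buf[32];
                                                                  double unit = 100.0, fixed = 100.0;
                                                                  morse_decode(FAST_IT_IS, 15, &unit, 1, buf, sizeof buf);
                                                                  printf("fast, adaptive: \"%s\" (unit %.1f ms)\n", buf, unit);
                                                                  morse_decode(SLOW_SOS, 17, &unit, 1, buf, sizeof buf);
                                                                  printf("slow, adaptive: \"%s\" (unit %.1f ms)\n", buf, unit);
                                                                  morse_decode(SLOW_SOS, 17, &fixed, 0, buf, sizeof buf);
                                                                  printf("slow, fixed 100 ms unit: \"%s\"\n", buf);
                                                                  return 0;
                                                              }
                                                              ```

                                                              With the fixed 100 ms unit, the slow sender's dits and intra-letter pauses both cross the thresholds, so every mark is read as a lone dah; input containing only dits or only dahs stays ambiguous and relies on the previous estimate.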

                                                              1. 1

                                                                PM me or zpeters for invite to chat if you want to discuss.

                                                                A web version is underway as well.

                                                            1. 2

                                                              Working on a HUD assisted chorded text editor. The work relates to what zpeters is doing.

                                                              Basically a “cheat sheet” is displayed on-screen, as it is dynamic it will highlight probable chords. Cutting down learning time.

                                                              Use cases (long term)

                                                              • glove input in AI
                                                              • potentially much faster in 10 finger mode (speech level wpm)
                                                              • less straining HW devices than keyboards
                                                              • physical disabilities ALS…
                                                              • international text
                                                              • new UI systems -…

                                                              Will be done for morse code later see zpeters comment in this thread!

                                                              1. 18

                                                                I continue being amazed both by how fragile the security of our systems is and the ingenuity of the security researchers. It seems it’s impossible for anyone to completely understand all the implications of every design decision. Even the ECC correction is not enough in this case by exposing yet another side-channel in the latency of reads, giving the attacker the information it needs to know if there has been a flip or not.

                                                                What could be done in order to mitigate side-channels systematically? Is it to go back to simpler, even if slower systems? I don’t think even that would help, right? Is security really a completely unattainable goal for computing systems? I know that the general idea is that perfect security doesn’t exist and the level of security depends on tradeoffs, but hardware side-channels are very scary and I don’t think it is that much about trade-offs anyway (although I am far from knowledgeable in this).

                                                                I used to have this trust in hardware, don’t know really why, but more and more I’m scared of the amount of ways to get secret information there are (even if impractical).

                                                                I think we humans got into levels of complexity we were completely unprepared for, and we will pay it badly very soon.

                                                                1. 11

                                                                  I continue being amazed both by how fragile the security of our systems is and the ingenuity of the security researchers. It seems it’s impossible for anyone to completely understand all the implications of every design decision.

                                                                  Sort of. Applying covert-channel analysis to Intel CPU’s in the mid-1990’s showed pervasive vulnerability. If you do it at system level, you’d see even more of these problems. I’d seen folks on HN griping about QA being a low priority when they worked at RAM companies. The problems were mostly ignored due to market and management’s economic priorities: make things faster, smaller, and with less power at max profit. That leads to less QA and more integration instead of separation. Both apathetic users and companies supplying their demand got here willingly.

                                                                  The attacks have been really clever. There were always clever defenses that prevented many of them, too. Companies just don’t use them. There’s a whole niche of them dedicated to making RAM untrusted. They define SoC itself as security boundary, try to maintain confidentiality/integrity of pages, and typically take a performance hit from the crypto used to do that. Another strategy was using different DIMM’s for different applications with separation kernels flushing the registers and caches on a switch. The RAM controller would get targeted next if that got popular. Others suggested building high-quality RAM that would cost more due to a mix of better quality and patent royalties RAM cartel would sue for. It has to be high volume, though, if nobody wants to lose massive money up-front. I was looking at sacrificing RAM size to use SRAM since some hardware people talked like it had less risks. I’d defer to experts on that stuff, though.

                                                                  “What could be done in order to mitigate side-channels systematically?”

                                                                  Those of us worried about it stuck with physical separation. I used to recommend small-form PC’s or high-end embedded (eg PCI cards) tied together with a KVM switch. Keep untrusted stuff away from trusted stuff. Probably safest with a guard for what sharing needs to happen. Most people won’t know about those or be able to afford them. However, it does reduce the problem to two things we have to secure at users’ end: a KVM switch and a guard. Many guards have existed with a few high security. I think Tenix making a security-enhanced KVM. It’s a doable project for open source, small company, and/or academia. It will require at least two specialists: one in high-security with low-level knowledge; one doing EMSEC, esp analog and RF.

                                                                  1. 11

                                                                    Is security really a completely unattainable goal for computing systems?

                                                                    Well, yes. Not because they are computer systems, but because they are physical systems.

                                                                    Let’s take fort-building techniques and materials as an analogy. Suppose you want to protect a crown. There was a pre-fort era: anybody could walk up and take the crown, if they knew where it was. Think dialup access to a prod system; no password. Early forts were a single, short, unconnected wall (designed to halt the progress of foes coming at you from a single point) and they were trivial to defeat: think of a front end with a password and a backend database with no password, also connected to the internet. Let’s fast forward…

                                                                    Modern forts have moats and observation towers and doors that are armored and that armor is engineered to be stronger than the walls–which provides a sort of guarantee that they ain’t gonna breach that door–it’s cheaper for them to go through the wall. Modern forts have whole departments dedicated to simply determining ahead of time how powerful the foe’s strongest weapon is and making sure the armor is at least strong enough to stop that weapon.

                                                                    You see where I’m going. A fort is never “done”. You must continue to “fortify”, forever, because your foe is always developing more powerful weapons. Not to mention, they innovate: burrowing under your walls, impersonating your staff, etc.

                                                                    That said, there are some forts that have never been breached, right? Some crowns that have never been stolen? This is achieved by keeping up with the Joneses, forever. It’s difficult and it always will be, but it can be done.

                                                                    What about physics? Given infinite time, any ciphertext can be brute-forced, BUT according to physics, the foe can not have infinite time. Or, given infinite energy, any armor can be pierced, BUT, according to physics, the foe can not have infinite energy. Well, this isn’t my area, but.. does physics say that the foe can not be better at physics? Better keep up…

                                                                    The horror we’re facing now with all these side channel attacks is analogous to the horror that the king in that one-wall fort must have felt. “Oh crap, we’re playing on a massive plane, rather than a single line between them and me. I’m basically fort-less right now.”

                                                                    (EDIT: moved my last paragraph up one and removed the parens that were wrapping it.)

                                                                    1. 3

                                                                      What could be done in order to mitigate side-channels systematically?

                                                                      Systematic physical separation of everything.

                                                                      Provision a new Raspberry Pi for each browser tab :D

                                                                      (more practically, never put mutually untrusted processes on the same core, on the same DRAM chip, etc. maybe?)

                                                                      1. 4

                                                                        There’s not that much unpractical about it, I do it on a daily basis - though Pine64 clusterboard turned out a bit cheaper (~300usd / for 7 tabs) than the PIs. Ramdisk boot chromium (or qemu, or android or, …) as a kiosk in a “repeat-try connect to desktop; reboot” kind of loop. Have the DE allow one connection every time you want to spawn your “tab”. A bit more adventurous is collecting and inspecting the crashes for signs of n-days…

                                                                        1. 3

                                                                          Provision a new Raspberry Pi for each browser tab :D

                                                                          Ah yes, the good old “Pi in the Sky” Raspberry Pi Cloud

                                                                          1. 3

                                                                            Power usage side channels will still leak data from one Raspberry Pi to another. The only larger point I could tie that to is that perfect defense is impossible, but sebboh already said that quite eloquently, so I’ll leave it at that.

                                                                            1. 6

                                                                              Most of the more esoteric side channels are not readily available to other systems however. Even physically colocated systems aren’t hooked into the same power monitor to watch each other.

                                                                              There will be a never ending series of cpu/ram performance side channels because the means of measurement is embedded in the attack device.

                                                                              1. 3

                                                                                Separate battery systems (power), everything stored at least 30cm apart (magnets) in a lead-lined (radiation) soundproof (coil whine) box. Then you’ll want to worry about protecting the lines to the keyboard and monitor…

                                                                                1. 1

                                                                                  is it possible to protect monitor cables / monitors for remote scanning. From what I’ve gathered there is hardware that can get a really clear picture of what’s on screen from quite the distance. Faraday’s cage around the whole unit and or where you are sitting or what?

                                                                                  1. 2

                                                                                    From my fairly basic knowledge of the physics, yes. Any shifting current in a wire will make that wire act a little like an antenna and emit radio waves, which is how these attacks work. It’s usually undesirable to have the signal you’re trying to send wander off into the ether, so cables are designed to minimize this, but it will always happen a little. Common coax cables already incorporate braided wire mesh or foil around the signal-carrying bits, for example.

                                                                                    But, it can never eliminate it completely. So, it’ll always be another arms race between better shielding and more sensitive detectors.

                                                                                    1. 1

                                                                                      ah so they work against the cable and not the display itself right? Does this mean that say a tablet or a laptop is less susceptible to this kind of attack than a desktop computer?

                                                                                      Also to really be foolproof would it be useful to build faraday’s cages into the walls? I’ve heard that if the metal rods stabilizing the concrete in buildings get in contact with water that grounds them, creating a faraday’s cage and this explains why cell phones can get really bad reception in old big concrete houses. Wouldn’t it be a sensible measure for large companies to do exactly this but on purpose. For cell reception they could have repeaters inside where that would be needed. Wifi is supposed to stay indoors anyways and yeah Chinese spies with tempest equipment shouldn’t get their hands on any radiation either.

                                                                                      1. 2

                                                                                        They’re called emanation attacks. The defense standards are called TEMPEST. Although they claim to protect us, civilians aren’t allowed to buy TEMPEST-certified hardware since they’d have harder time spying on us. You can find out more about that stuff here (pdf), this history, this supplier for examples, and Elovici et al’s Bridging the Airgap here for recent attacks.

                                                                                        The cat and mouse game is only beginning now that teams like Elovici’s are in the news with tools to develop attacks cheaper and more capable than ever. It’s why Clive Robinson on Schneier’s blog invented concept of “energy gapping.” All types of matter/energy that two devices share is potentially a side channel. So, you have to mitigate every one just in case. Can’t just buy a product for that. ;)

                                                                                        1. 2

                                                                                          yeah I heard about TEMPEST there was this fun program that let you broadcast FM or AM via your CRT that I played with forever ago tempest for eliza or something.

                                                                                          messed up that they make laws against things like that.

                                                                                          My thinking is to protect the whole house at once or why not cubicle depending on how much you are willing to spend on metal of course

                                                                                          1. 1

                                                                                            This?

                                                                                            Far as whole house, they do rooms and buildings in government operations. A lot of the rooms don’t have toilets because the pipes or water might conduct the waves. Air conditioning is another risk. Gotta keep cellphones away from stuff because their signal can bounce off the inside of a passively-secured device, broadcasting its secrets. All sorts of issues. Safes/containers and SCIF-style rooms are my favorite solutions since scope of problem is reduced.

                                                                                            1. 1

                                                                                              Yeah that’s the one.

                                                                                2. 2

                                                                                  I always recommended EMSEC safes with power filters and inter-computer connections being EMSEC-filtered optical. So, yeah, it’s a possibility. That said, some of these systems might not have the ability for firmware, kernel code, or user code to measure those things. If none are this way, new hardware could be designed that way with little to no modifications of some existing hardware. Then, a compromise might just be limited to what’s in the system and whatever the code can glean from interactions with hardware API’s. On the latter, we use ancient mitigations of denying accurate timers, constant-time operations, and masking with noise.

                                                                                  I think there’s potential for making some of those attacks useless with inexpensive modifications to existing systems. Meanwhile, I’m concerned about them but can’t tell you the odds of exploitation. We do need open designs for EMSEC safes or just containers (not safes), though.

                                                                              2. 3

                                                                                I used to have this trust in hardware, don’t know really why, but more and more I’m scared of the amount of ways to get secret information there are (even if impractical).

                                                                                As long as there’s physical access to a machine, that access will be an attack vector. As long as there’s access to information, that information is susceptible to being intercepted. It comes down to acknowledging and securing against practical attack vectors. Someone can always cut my brakes or smash my windows and take my belongings from my car, but that doesn’t mean I operate in fear every time I park (of course this is a toy analogy: it’s much easier and far less risky to steal someone’s digital information, EDIT: and on second thought, you would immediately know when your belongings have been tampered with).

                                                                                From the paper:

                                                                                We now exploit the deterministic behavior of the buddy allocator to coerce the kernel into providing us with physically consecutive memory

                                                                                Does the Linux kernel currently have any mitigations like randomization within its allocators? I believe this is orthogonal to ASLR.

                                                                                1. 2

                                                                                  Hardware is cheap; use that as your security boundary between trust domains. On-device process separation, virtualization, still makes a lot of sense for other reasons (compatibility, performance, resilience), but it is about as alive as a parrot in a Monty Python sketch when it comes to security. Rowhammer should have been the absolutely last straw in that respect - there were plenty of indicators well before then. What sucks is that the user-interfaces and interaction between hardware separated tasks (part of the more general ‘opsec’ umbrella) is cumbersome at the very best. Maybe that is easier to fix than multiple decades of opaque hardware…

                                                                                  1. 4

                                                                                    Consumer grade hardware may be cheap; Power and hardware with ECC RAM support is not so much. With dedicated hardware you are burning a lot more power for useful computations performed.

                                                                                    For this particular attack, AMD’s Secure Encrypted Virtualization (SEV) is an actual solution and is mentioned as such in the paper. Intel’s Multi-Key Total Memory Encryption (MKTME) should be too when it comes out. Unfortunately software support is not really what I would call complete yet.