Matthew Garrett

Former biologist. Actual PhD in genetics. Security at Nvidia, OS security teaching at https://www.ischool.berkeley.edu. Blog: https://codon.org.uk/~mjg59/blog . He/him.
Blog: https://codon.org.uk/~mjg59/blog
Signal: @mjg.59

I will be at the Linux Security Summit in Minneapolis next month, talking about enabling hibernation on systems with lockdown enabled.

(The context is that I'm the person who disabled hibernation when lockdown is enabled and I've been promising to fix it forever, and then it came up twice in my Nvidia interviews last year, so I've committed to speaking about it so I actually do it)

Google kindly sending me an earthquake alert 4 minutes after I opened the fridge and was confused why everything was vibrating as a result

This isn't me saying that what's happening is good, it's me saying that we've had decades of trying to force new people into existing norms and the trend is that it doesn't work and what's our answer to that going to be

Identity is a hard problem and it's just been made harder and also the environment is moving fast enough that everyone trying to sell something is focused on MCP and we've somehow decided that 2026 is the year that The Unix Philosophy finally reenters the ring to rousing music

All I'm actually saying here is that (waves broadly) a lot more people who have never opened a PR or maintained a project being in a position to either open a PR or maintain a project is going to result in them not behaving within the social norms we've developed as a group that is, to be fair, far less insular than in the 90s but is still somewhat insular compared to society as a whole and yes we are going to have to get used to the equivalent of HTML mail and top posting

You have an agent running on your local system. You want it to have access to a restricted set of things, both locally and remote. What is the technical mechanism you use to ensure that it has a subset of the access that you, as an individual logged into the same system, do?

(I am uninterested in "Don't run an agent" because while yes I see your point that doesn't mean it's not happening and security professionals have to deal with what's happening not what we want to be happening)

Democratising software development inherently means that people are going to develop software in ways you don't like and which seem objectively wrong and welp that's also the argument people made against Linux so, it's impossible to say if it's bad or not

Had a couple of people ask me about the details of my personal hosting setup, so here you go: https://codon.org.uk/~mjg59/blog/p/self-hosting-as-much-of-my-online-presence-as-practical/
Self hosting as much of my online presence as practical

Because I am bad at giving up on things, I’ve been running my own email server for over 20 years. Some of that time it’s been a PC at the end of a DSL line, some of that time it’s been a Mac Mini in a data centre, and some of that time it’s been a hosted VM. Last year I decided to bring it in house, and since then I’ve been gradually consolidating as much of the rest of my online presence as possible on it.

Matthew Garrett's Blog

Well ok this all works now, which means that all my posting presence is a decent approximation of self-hosted (for varying degrees, I'm not hosting a bsky webapp and I don't know that there'd be a real benefit in doing so at this point)

Mastodon: Self hosted
Blog: Self hosted
Email: Self hosted
Bsky: PDS is self hosted

And backups on two continents so I'm sure this will all be entirely fine

(I would especially not do that if the email also contained multiple defamatory assertions the court had ordered me not to repeat)