Not all made up though. I’ve been following this one’s mailing list for a while https://en.wikipedia.org/wiki/Zephyr_(operating_system)
Rowan Thorpe
- 0 Posts
- 4 Comments
Joined 1 year ago
Cake day: June 3rd, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
I never used Reddit other than the rare view via a search-engine when trying to find something. I now lurk Lemmy daily but barely ever post. I read so many enlightening things here. Not leaving.
If you’re only talking about Storage (data at rest) or Network (data in transit) then encrypt/decrypt offsite and never let symmetric keys (or asymmetric private keys) near the VPS, or for in-transit you could similarly setup encrypted tunnels (symmetric/private keys offsite only) where neither end of the tunnel terminates at the VPS. If you’re talking about Compute then whatever does the processing inherently needs access to decrypted data (in RAM, cache, etc) to do anything meaningful. Although there are lots of methods for delegating, compartmentalising, obfuscating, etc (like enclaves, TPM/vTPM…) the unavoidable truth is that you must trust whomever owns the base-infra ultimately processing your data. The one vaguely useful way to use “other people’s computers” trustlessly is with SMPC (secure multi-party computation) spread sufficiently widely across multiple independent (preferably competing - or even adversarial!) virtual-computation providers, with an “N-of-M keys” policy that avoids any single provider being able to attain a meaningful level of access to your data independently, or being able to view tangible portions of your data while providing functionality during SMPC. That stuff gets super-niche though.