My manager and I have friendly discussions every month on the job to keep up to date with security news. What we do is we find security news and discuss the many implications.
This week we had a discussion that entered the domain of politics and touched upon religion as well. Let me take you to a place where Security gets... Political.
The article that brought the discussion on is linked below. It talks about the FTC putting up a struggle against NVidia acquiring ARM.
The American government (Or at least part of it) is not a fan of monopolies in places where the government is a customer. As I understand it this is the reason AMD got money to create the iconic AMD Athlon processing unit. the USA did not want to depend solely on Intel for their processing unit.
Alas, now ARM is being acquired by NVidia, but they have somewhat of a unique position in the chip market at the moment. As I understand it, many of ARM's designs are used in NVidia and other products when it comes to special-purpose processing units (self-driving systems for example).
The FTC also seems to be concerned that NVidia would get access to data from competing businesses that also have business interactions with ARM.
This is of course a privacy risk, and on top of that there is a national security risk here again, because NVidia could technically vendor lock-in the self-driving market. Likely these chip are also used in drones and therefore it would affect the US military. This would make the issue a problem of national security as well.
So the question here is really, is this a problem that can be solved by the free market? Is putting a stop on the acquisition appropriate? Is there actual risk, or is this blown up?
Me and my manager had a good talk about it, I certainly lean more anarchist than he does (but since we are both under authority of the Lord, neither of us can go true anarchist). We concluded at the very least that Government can cause a lot of harm. But also, that a true free market opens up a can of worms since (at least we both believe) humans are inherently flawed and therefor snakes will play poison when they get the chance.
So doomed whether you do or don't.
I believe stopping the acquisition is not the right move. The right move would be to invest in RISC-V and accelerate them to competing status, like what was done with AMD. However, maybe I'm wrong.
Let me know what you think, I believe this is a very intricate discussion to have, and I am fascinated with security being affected by strange things like governments, and business decisions. So when you buy a product, do not just check where it's from, check the market and see what position it holds and might be holding in the future. (Locals, Rumble, and the public trading... Anyone? :P )
/i/2004628280.png?f=meta)
There is so much more to this one chapter, but it is so good already!
I had to cut it short because guests arrived, but this should get you started on your own study :)
@calvinrempel Thank you once again for the Theology Tuesday you did, I refer back to it in this one :)
@JamesDerian Congratulations with your Marriage :)
Next time there might (almost certainly) not be a Theology Tuesday, so the official next one will be February 22nd! I have a marriage to attend. As the groom. Our home is still half a project.
Fun times!
Alc and I talk about my book that is now officially finished. This is part 1 of 2. Parts have not been neatly cut. Part two will air 5 minutes after part 1 for coninuity!
Hope you enjoy :)
This is the third corner to have persistent discussions and talks in. I love tech, but especially once it transcends hardware a little. I have two degrees; a bachelor's in Software Engineering and a master's in Information Security Technology. My graduation thesis focused on assembly-level optimizations (that is, one level above the hardware level) and my free subjects were in formal verification. This is why I love programming in the security corner, or maybe it is the other way around.
I started going down the Security path because I early on saw that the world around us would become a dangerous cesspool of badly-implemented and hostile tech. Now I am one of the people that understands the field around that mess :)
So in here you can discuss secure phones, weird programming languages, sad truths about internet-connected fridges. Also about malware, adblockers, and so on and so fort!
A lot of tech talk I do over at the @Lunduke community, where a lot of nerds hang out and it is ...
Much like the reading corner, let's have a music corner! A few rules for this one, since some music can be provocative. I don't mind much but let's keep youtube links with risque thumbnails out of here.
Other music I might also mind. "Do you find that offensive?" might someone ask. Yes, there is some music I choose not to listen on principle, and I walk a thin line there sometimes. But do not worry, I have a wide taste otherwise so feel free to share almost anything :)
Either way, here is the music corner!
Many times when we talk about security, we mean to say "Digital security". In essence we mean to say that our hardware and software that we use stays safe no matter what we do. And even though the ISO27001 standard (and by extension, for example, the NEN7510 standard) make it abundantly clear that security is a people-domain problem, we usually take that as a process-like truth. Meaning, we think that being secure is a matter of regulating people.
The truth is very different. For example, while writing this I am pretty shot. I slept five hours and I an under influence of a bunch of painkillers and some alcohol. Before you ask what I was thinking, let me mention that I have a genetic defect in my spine that I am dealing with right now by taking measured doses of all three (and yes, to get the Bible into this conversation, there is even a biblical ground for the inebriation with alcohol - see proverbs and the letters to Timothy - , although I did not use red wine. But hey, I am still on top of ...
