Site News

Still working on the new codebase. About halfway through getting the auth system to behave and integrate with OpenID providers; starting to give thought to how to organize actual site functionality.

As a PSA, I would continue to recommend against shared-server (cloud hosting) arrangements, due to the prevalence of side channel attacks on modern CPUs. There’s, of course, the well-known Spectre class of attacks; a similar principle can be used to leak encryption keys when using a modern Intel or AMD CPU’s ability to perform AES crypto in hardware; below that layer, modern CPUs have what is called a “management engine” to perform system initialization and maintenance functions. As it turns out, the firmware powering these MEs is also vulnerable to attacks, including remote-exploitable arbitrary code execution attacks. All this leads me to believe that the course of wisdom in hosting arrangements is, at minimum, dedicated servers. Ideally, dedicated servers on a dedicated network, but I am unfortunately not aware of any providers offering that, shy of renting a rack, deploying one’s own hardware, and one’s own firewall.