Hacker Newsnew | past | comments | ask | show | jobs | submit | kj4ips's commentslogin

I like the idea behind ostree and bootc, but I feel that OCI (with tarlayers) is not a good fit. `repack` makes an absolute hash of things, and since the layers are logically packaged, they will have to be composed somehow, and then ostree becomes only slightly more useful than coreos's A/B usr.

OCI roughly assumes that layers will be laid out in some logical way, and that a given host will see opportunities to reuse across different instances, but with bootc, there will only ever be one instance.

OCI also assumes that individual layers are small enough that it is always worth pulling and unpacking a layer instead of some kind of authentication delta, which is great for a k8s cluster in a center, but not great for devices out on the edge, where you might want this kind of pseudo-immutable system even more.

I really want some standardized way for a manifest in OCI to say that "this content is also available in other format X here".


Note that the status on this is entered/not assigned, so it's in the works. However, the court may have required that they do so before proceeding.

The offending use does not have to be a 1:1 match to dilute.

(not a lawyer; not legal advice)


Trademarks are about recognizability, not about some objective similarity. There's no magic Levenshtein distance from a trademark.

However, they are also scoped to domains, so if there was some non-car business with such a name, they would also be entitled to the name, and the domains tend to be first-come first-serve in those kinds of cases.

Think of all the "Acme" or "A-1" companies that all have different products, and the general public doesn't have an issue conflating them.

(not a lawyer; not legal advice)


I agree pretty strongly. A translation layer like this is making an intentional trade: Giving up performance and HW alignment for less lead time and effort to make a proper port.


They have a Ubuntu derivative called DGX OS, that they use on their current lines.


I wonder which [publicly listed] companies would look at the abandonment of Jetson and still commit to having Nvidia set the depreciation schedule for them.


It's my opinion that nvidia does good engineering at the nanometer scale, but it gets worse the larger it gets. They do a worse job at integrating the same aspeed BMC that (almost) everyone uses than SuperMicro does, and the version of Aptio they tend to ship has almost nothing available in setup. With the price of a DGX, I expect far better. (Insert obligatory bezel grumble here)


At least in most jurisdictions, the egress to a gathering area can __never__ be blocked, there is some provisions for delay on emergency exits, but those require NRTL certification, and are actually usually mechanical.

You might be able to lock it down during periods of limited occupancy, and you can rig it to an annoying alarm, and maybe try to identify the person, and ban them from future. It is possible to get variances for this, but you usually need to either be a medical or penal facility.


Thanks for clarifying the finer points, my exposure to these systems is sending people to wire them up (mostly electrical but sometimes the control wiring) and not so much on the code side.

I looked up a wiring diagram for a similar gate and saw it had a fire alarm input so I assumed the AHJ in this case approved it based on the ability for the gate to open when an alarm condition is detected. That being said, it seems like a danger to me.

A regional hardware store chain has turnstiles at the entry points and swing gates at exits, which seems much safer for access control in a big box store.


Two main reasons I can think of:

Most current BMC platforms are older than seL4

Most run on hardware that is not supported by seL4, or at least on hardware where it has not been validated.

Not to mention that a task manager would be needed as well as tons of other services which aren't provided out of the box, and don't share the verification provided guarantees.


Pretty much all of them allow unrestricted access from KMS from factory, tough all of them have a way to disable it once configured, and HPE even throws shade until it's limited. KMS only works from the host itself.


Do we know if this is also the case for other systems that use Aspeed/ami BMCs, or if the key pair in question is exclusive to SM?


Yes it is.

Supermicro is one of the only vendors that tries to prevent this attack at all through RoT.

Other vendors you can flash whatever unsigned firmware you want. It’s very useful for adding in microcode for intel engineering samples, or malware…


This is not true. Almost all firmware is signed by every vendor, and there are standards from Intel and amd on implementation of code signing.

Look up Intel pfr.


Signed ≠ enforced.

At least for 4677 Intel stuff, gigabyte & HP and others let you modify the firmware and flash it.


HPE at least makes you flip a DIP switch, otherwise it complains loudly and halts.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: