9fans - fans of the OS Plan 9 from Bell Labs
From: "David Arroyo" <david@arroyo.cc>
To: 9fans <9fans@9fans.net>
Subject: Re: [9fans] Solo factotum
Date: Wed, 31 Dec 2025 00:21:40 -0500
Message-ID: <8a60199a-6f49-490c-b299-6455f0981b8a@app.fastmail.com>
In-Reply-To: <8716F627-36EE-445A-B4B4-754C9136596E@quintile.net>

On Tue, Dec 30, 2025, at 23:24, Steve Simon wrote:
> when i used plan9 full time i kept a usb stick containing my encrypted 
> secrets (in factotum format) plugged into my terminal.
> i added a clause to my profile to prompt for the password to decrypt it 
> and push the text (via read -m) into /mnt/factotum/ctl.
>
> (all from memory, so it may be inexact)
>
> how would the proposed device improve on this? - honest question.

For protocols like dp9ik or ssh, your secrets would never leave the
device. Even if an attacker gained the ability to dump all the memory
on your system, they wouldn't be able to recover your keys. They would
need physical access to your hardware factotum, and then they would
need to overcome whatever read/write protections the hardware device
allegedly has.

Honestly, my own motivations are not security related. I just think it's
cool. I like the idea of attaching a little computer to my computer to
extend it with almost zero configuration. One could imagine a class of USB
devices that only speak 9P, which operating systems would automatically
mount when they're plugged in. In the same vein, I'm interested in
adding 9p over virtio-vsock support to 9front, as a zero-config way for
a hypervisor to expose a factotum, or a /dev/draw, to a 9front guest.

Factotum is just one of the (famous last words) easier functions to
offload; its API surface is small, its messages are small, and its
performance requirements are modest.

David

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/Ta60752663ff08448-M720e7a7a8f75b109572ba59b