Share this page!

Xeno Kovah Profile picture
Twitter logo
18 Oct, 9 tweets, 2 min read
I have another thought on OST2 all-you-can-learn buffet classes that I wanted to share separate from that other thread, since this will probably be a future blog post: Another eventual goal is to use them to hand over the reins for my material to a new instructor
Basically you can imagine having someone else who knows x86-64 assembly very well acting as a “TA” in some larger OST2-B (ost2.fyi/Thoughts-on-OS…) classes, helping to answer questions. Because the key thing is that an instructor should know the material well enough to explain it
Regardless of what curveball questions students ask. Or alternatively if they don’t know, they should be able to go look it up or determine the answer experimentally while the student goes back to watching videos, before getting back to them with an answer
One can then imagine eventually promoting the TA to being the only instructor present at an OST2-B class, so that they get the proceeds from the class primarily for themselves (perhaps minus a 10% cut for the instructor who’s videos they’re still using ;))
And then after that one can imagine asking them to put in the full work to re-record the class videos, maybe make a few new labs, etc, and then they would subsequently get the full proceeds of subsequent OST2-B classes for themselves
It seems like a good way for me, or any other instructor, to enable content continuity and gradually give a potential new instructor progressively more responsibility
It’s very much in line with the original thinking behind OST1, where I wanted to make sure that classes I developed while at MITRE didn’t end up without a plan to be able to be handed off to other instructors (who did indeed keep teaching some internally)
But it’s also nice because it will allow a white male like me to find someone other than a white male to hand material off to, so we can have a more diverse set of instructors become the role models for a more diverse set of students
I would note that a lot of the instructors working on future OST2 classes are yesterday’s OST1 students. And a lot of today’s OST2 students will become tomorrow’s OST3 instructors.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Xeno Kovah

Xeno Kovah Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @XenoKovah

Xeno Kovah Profile picture
18 Oct
There’s one week left to register for the first-ever in-person #OST2 all-you-can-learn buffet class on x86-64 assembly, OS internals, and firmware: hardwear.io/netherlands-20…
There’s a lot of open questions around this experiment, most notably “will students be interested in coming to an in-person training to get direct support instead of just taking the free online version?” And so far the answer seems to be yes
The fact that I have multiple attendees, even while we’re in the midst of the pandemic, and everyone’s still a bit skittish about in-person conferences and trainings makes me very optimistic about the format for the future
Read 8 tweets
Xeno Kovah Profile picture
14 Aug
I just extracted the self-reported completion times data from the Architecture 2001: x86-64 OS Internals #OST2 beta class students who filled out all 10 entries, and it looks like the following. Some thoughts below… Image
1) This was originally created targeting about 2 days (~14 hours after subtracting lunch ;)) of in-person delivery. You can see a *few* students could do it in that time, but most needed more time. This is why I really like that I can now let students learn at their own pace
I don’t really think anyone’s well-served by the 1-size-fits-all approach of dragging students through a class in less time than they need to understand the material. If someone needs 62 hours to finish a class, I say give it to them!
Read 10 tweets
Xeno Kovah Profile picture
12 Aug
Thread: This would perhaps be a good time to point out that while it’s absolutely true that Windows’ UEFI SecureBoot is intentionally not designed to defend against physical presence, that’s actually an improvement I shot for with Mac SecureBoot, first on T2 and then M1
I termed the security goal “P != X” meaning mere physical possession *in and of itself* should not equal code execution. Rather, possession must be combined with knowledge of an administrator password before you could disable that critical security feature.
I was able to shoot for this because Macs have a couple things going for them: 1) the first user which is set up is an administrator user by default 2) all Macs have a “recovery OS” (originally an HFS partition, and then an APFS volume), which has always been digitally signed
Read 17 tweets
Xeno Kovah Profile picture
22 Nov 19
Check it out for more about the first-in-the-world work @coreykal & Rafal Wojtczuk have done for UEFI DMA protection and UEFI sandboxing of PCIe Option ROMs
@coreykal Or for the work @NikolajSchlej and I did on bringing SecureBoot to the Mac
@coreykal @NikolajSchlej Enabling VT-d before there's even RAM available? It's what you gotta do ¯\_(ツ)_/¯ Image
Read 4 tweets
Xeno Kovah Profile picture
6 Oct 19
Thread: A while back I was asked to add SGX attack papers to the timeline. That seemed reasonable to me, so I started collecting them...and then got distracted before I had worked through cross-references and such...
In general I'm not super interested in capturing the SGX/SideChannel category of papers, because they're mostly academic papers, which already do a good job of citation. So you can always just look at the end of the latest few papers to find most of the previous papers...
Whereas, the stuff I normally capture is conference talks / blog posts, and the non-academic security community does a *terrible* job of citing related work, hence why it needs collection
Read 23 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @XenoKovah has new unrolls!

Check out other threads from @XenoKovah!

Read all threads by @XenoKovah

:(