Re: Trust

David Singer:
> actually, I seriously doubt that anyone here wrote their own compiler,
> in assembly, and from scratch, or knows the complete details of the chips
> they use, let alone has read every line of code that is in their O/S.
> 
> <http://cm.bell-labs.com/who/ken/trust.html>
> "No amount of source-level verification or scrutiny will protect you from using untrusted code."
> 
> not that it is terribly relevant, mind you.

It is relevant.

I would not really be surprised if that article by Ken Thompson has been
read by more people in the last few months than in the two decades
before. And a few FOSS projects are now debating how to deal with this
attack model - and others which until this year were widely considered
paranoid and not relevant.

And it definitely is correct that trust in hardware has decreased
significantly. That is the main reason why support for the Open Hardware
movement is now growing.

BTW: It is not necessary that a person exists who has read "every" line
of code in some piece of software to create trust (or reduce mistrust)
in that software.

Cheers,
Andreas

Received on Friday, 18 October 2013 06:20:02 UTC