[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: X11 exploit info
From: Henry Miller <hank () millerfarm ! com>
Date: 2006-02-12 18:15:54
Message-ID: 200602121215.55137.hank () millerfarm ! com
[Download RAW message or body]
Sigh
Time to reference "Reflections on Trusting Trust: by Ken Thompson
http://cm.bell-labs.com/who/ken/trust.html
Have you personally verified all the laws of physics that allow a computer to
work? How do you know that some physicist hasn't changed the written rules
to be different in some subtile way that allows him access to your computer.
Or perhaps the laws do allow something subtile. Do you know for sure.
Are you running on a CPU that you designed (or at least verified the design)
and manufactured yourself? How do you know someone at Intel/AMD/IBM/...
hasn't put a backdoor in your CPU?
Have your personally verified every line code in all your software? How do
you know there isn't a backdoor in your software? It goes without saying
that you also need to bootstrapped your own compilers?
While you might argue that creating a universal backdoor that works even in
the case of code programs that are not yet written is impossible because it
requires solving the halting problem. I have to ignore that argument though,
because I have not personally verified the halting problem cannot be solved.
(I've gone further than most programmers I know in that I dropped the math
sequence where it is proved one quarter before we got that far, so I have a
chance of verifying the proof)
There are attacks on everything. There is no a person reading this who has
the time to follow all of the steps I outlined above to create a computer
they can fully trust.
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic