[ale] Open Fire on Windows Viruses
arxaaron
arxaaron at gmail.com
Fri Feb 19 10:52:49 EST 2010
Thanks for the comments Charles. And yeah... those intro
sentences were bothering me still as well, and your
suggestions work much better. Several of your other points
are well taken and will be used for correction or improvement.
Thanks for the feedback!
peace
aaron
On 2010/02/19, at 09:59 , Charles Shapiro wrote:
> Aaron, you are a Hero and a Saint, and this could be a valuable start
> on a pamphlet or web page. Here are some writing//grammar//style
> points I picked up in a quick read.
>
> The first sentence: "Just like avoiding contagious illness in the
> physical world,
> the best protections against computer infections involve
> simple, common sense precautions. " is subtly confusing. I'm pretty
> sure the "like" and the gerund ("avoiding") here is not quite right.
> Maybe putting it in 2nd person is better: "Just as you avoid
> contagious illness in the physical world, the best protections against
> computer infections are simple, common-sense precautions". Hmm.
> "Avoiding contagious illness in the physical world is simple. So is
> avoiding computer infection. You just need a few common sense
> precautions." Maybe you're packing too many ideas into one sentence.
> Usually when I stumble over something like this as I read it I take it
> as a signal that it should be broken up.
>
> "Flipping this analogy affirms that" can go. You already flip it in
> the sentence. No need to point out what you're doing.
>
> In the 2nd paragraph, "After the options of choosing.." can go in
> favor of "After choosing". Also, the usual usage is "software", not
> "softwares". The same holds for the "softwares" in the 4th paragraph.
>
> In the 5th paragraph, "publicly" is irrelevant. Publish implies
> publicly. Also you have a plural disagreement in " Further indicators
> that a true Open Source program is trustworthy is when . . ."
> I think you mean "are that" here. The same problem is in paragraph 6,
> at "The increasing numbers
> of interactive features on the internet has spawned a" I think that
> "number" should be singular, so it should read "The increasing number
> of interactive features on the internet has spawned...". You could
> make the case that it should read "The increasing numbers of
> interactive features on the internet have spawned..."
>
> The phrase "intentional vulnerabilities being intentionally built into
> commercial computer products." needs to lose one "intentional".
>
>
> If you've read this far, you're **really** khoul. And I think this is
> a Great Thing, don't get me wrong.
>
> -- CHS
>
>
>
> On Thu, Feb 18, 2010 at 9:27 PM, Michael B. Trausch
> <mike at trausch.us> wrote:
>> So, before you read my reply below, I have just some minor
>> commentary on
>> your writing. I'd suggest capitalizing "Internet" when referring to
>> _the_ Internet, since it is a proper noun. I would also suggest not
>> capitalizing things that are not proper nouns (such as "operating
>> system"). As far as other non-proper nouns go, if you want to
>> emphasize
>> them, do, but don't do it with initial caps because it doesn't quite
>> read the way you'd expect when you're just coming to the topic. If
>> every Important Concept (hah, see what I did there? ;-)) were
>> capitalized, it gets to be a bit difficult to read or gives the
>> appearance of obvious bias, instead of nudging the reader in the
>> intended direction.
>>
>> Those are just my 2¢ there. More follows, though.
>>
>> On 02/18/2010 05:13 PM, arxaaron wrote:
>>> I try to
>>> address Mike's other critiques by clarifying that the
>>> issues being addressed by Open Source and Free
>>> and Freedom Friendly Software are practical and self
>>> evident levels of trust WORTHINESS, and not an
>>> expectation absolute or automatic "TRUST". As a
>>> general rule, I think any exchange of goods or services
>>> will be more Worthy of Trust the further that ulterior
>>> motives of greed and secrecy are removed from the
>>> transaction.
>>
>> I was able to finally remember what I was trying to say the other
>> night.
>> The notion of trust and the whole discussion had me thinking that I
>> had read something on it a while back. Indeed, it was Ken Thompson's
>> Turing Award lecture, "Reflections on Trusting Trust".
>>
>> In particular, he says, "You can't trust code that you did not
>> totally
>> create yourself. (Especially code from companies that employ people
>> like me.) No amount of source-level verification or scrutiny will
>> protect you from using untrusted code."
>>
>> In this passage, what he is discussing is the C compiler that he
>> rigged
>> such that, when fed the non-rigged compiler source code, the
>> temporary
>> rigged compiler would generate a compiler that was also rigged. It
>> would also bug the system's login program such that it would accept a
>> backdoor password for any valid system login. It also rigged the
>> disassembler such that looking for these issues would result in the
>> affected code blocks being hidden.
>>
>> He also makes the statement just under the title on the paper,
>> "Perhaps
>> it is more important to trust the people who wrote the software."
>> This
>> brings me back to the argument that I think I made somewhat
>> ineffectively. In order to trust, say, GNOME, you would not only
>> have
>> to be aware of every line of code written that is itself GNOME, but
>> you
>> have to know and trust the people that put their time and effort into
>> GNOME, a good majority of the GNU stack (including GCC and its 9.5+
>> million lines of source code and the GNU libc 1+ million lines of
>> source
>> code), the Linux kernel (8.2+ million lines of source code), and the
>> firmware and hardware on the computer system that you are running.
>>
>> I'm not sure that I trust everything in the stack all that terribly
>> wonderfully. I cannot say with any level of certainty, for example,
>> that there is not something in my computer's firmware that logs my
>> keystrokes and sends them off somewhere when it sees IP traffic going
>> through my network interfaces. After all, it's entirely within the
>> realm of possibility, and the ROM BIOS in this system has enough
>> space
>> to have code that does that, in my estimation.
>>
>> Then again, I don't know that I can trust any of the software
>> components
>> I mentioned above, just because they are so large. I won't go to the
>> trouble to try to figure out just what all of GNOME and its
>> dependencies
>> on a GNU/Linux system are, but already I've enumerated about 18.7+
>> million lines of source code. If I could read 1 KLOC per day, it
>> would
>> take me 18,700 days to audit all of it. And I haven't even mentioned
>> any of the base source packages that make GNU/Linux UNIX-like, nor
>> am I
>> including misc. additional dependencies of the Linux kernel, or any
>> of that.
>>
>> Do I trust it enough to use it? Sure. Do I make any sort of
>> assumption
>> that any of my data is truly private? No. If I wanted data to be
>> *truly* private, I would not store it in a computer system at all,
>> even
>> encrypted, unless that computer system _never_ had outbound
>> communication via any medium. To my knowledge, it's the only way
>> that
>> one can be absolutely sure that a system isn't rigged in the way that
>> Thompson rigged his C compiler and it's subsequent compiled output.
>> Because after all, having the source is pretty much irrelevant (at
>> least
>> when it comes to this).
>>
>> Now, should this whole mail have any influence on what you write?
>> Probably not. These are pretty in-depth issues that most people---at
>> least most people that I know---have less than zero interest in
>> thinking
>> about.
>>
>> --- Mike
>>
>> --
>> Michael B. Trausch ☎ (404)
>> 492-6475
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
More information about the Ale
mailing list