[ale] Open Fire on Windows Viruses
Dustin Puryear
dpuryear at puryear-it.com
Fri Feb 19 11:05:34 EST 2010
Remind me to not use a semicolon on this list.. ;-)
---
Puryear IT, LLC - Baton Rouge, LA - http://www.puryear-it.com/
Active Directory Integration : Web & Enterprise Single Sign-On
Identity and Access Management : Linux/UNIX technologies
Download our free ebook "Best Practices for Linux and UNIX Servers"
http://www.puryear-it.com/pubs/linux-unix-best-practices/
-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Michael B. Trausch
Sent: Thursday, February 18, 2010 8:27 PM
To: Atlanta Linux Enthusiasts - Yes! We run Linux!
Subject: Re: [ale] Open Fire on Windows Viruses
So, before you read my reply below, I have just some minor commentary on
your writing. I'd suggest capitalizing "Internet" when referring to
_the_ Internet, since it is a proper noun. I would also suggest not
capitalizing things that are not proper nouns (such as "operating
system"). As far as other non-proper nouns go, if you want to emphasize
them, do, but don't do it with initial caps because it doesn't quite
read the way you'd expect when you're just coming to the topic. If
every Important Concept (hah, see what I did there? ;-)) were
capitalized, it gets to be a bit difficult to read or gives the
appearance of obvious bias, instead of nudging the reader in the
intended direction.
Those are just my 2¢ there. More follows, though.
On 02/18/2010 05:13 PM, arxaaron wrote:
> I try to
> address Mike's other critiques by clarifying that the
> issues being addressed by Open Source and Free
> and Freedom Friendly Software are practical and self
> evident levels of trust WORTHINESS, and not an
> expectation absolute or automatic "TRUST". As a
> general rule, I think any exchange of goods or services
> will be more Worthy of Trust the further that ulterior
> motives of greed and secrecy are removed from the
> transaction.
I was able to finally remember what I was trying to say the other night.
The notion of trust and the whole discussion had me thinking that I
had read something on it a while back. Indeed, it was Ken Thompson's
Turing Award lecture, "Reflections on Trusting Trust".
In particular, he says, "You can't trust code that you did not totally
create yourself. (Especially code from companies that employ people
like me.) No amount of source-level verification or scrutiny will
protect you from using untrusted code."
In this passage, what he is discussing is the C compiler that he rigged
such that, when fed the non-rigged compiler source code, the temporary
rigged compiler would generate a compiler that was also rigged. It
would also bug the system's login program such that it would accept a
backdoor password for any valid system login. It also rigged the
disassembler such that looking for these issues would result in the
affected code blocks being hidden.
He also makes the statement just under the title on the paper, "Perhaps
it is more important to trust the people who wrote the software." This
brings me back to the argument that I think I made somewhat
ineffectively. In order to trust, say, GNOME, you would not only have
to be aware of every line of code written that is itself GNOME, but you
have to know and trust the people that put their time and effort into
GNOME, a good majority of the GNU stack (including GCC and its 9.5+
million lines of source code and the GNU libc 1+ million lines of source
code), the Linux kernel (8.2+ million lines of source code), and the
firmware and hardware on the computer system that you are running.
I'm not sure that I trust everything in the stack all that terribly
wonderfully. I cannot say with any level of certainty, for example,
that there is not something in my computer's firmware that logs my
keystrokes and sends them off somewhere when it sees IP traffic going
through my network interfaces. After all, it's entirely within the
realm of possibility, and the ROM BIOS in this system has enough space
to have code that does that, in my estimation.
Then again, I don't know that I can trust any of the software components
I mentioned above, just because they are so large. I won't go to the
trouble to try to figure out just what all of GNOME and its dependencies
on a GNU/Linux system are, but already I've enumerated about 18.7+
million lines of source code. If I could read 1 KLOC per day, it would
take me 18,700 days to audit all of it. And I haven't even mentioned
any of the base source packages that make GNU/Linux UNIX-like, nor am I
including misc. additional dependencies of the Linux kernel, or any of that.
Do I trust it enough to use it? Sure. Do I make any sort of assumption
that any of my data is truly private? No. If I wanted data to be
*truly* private, I would not store it in a computer system at all, even
encrypted, unless that computer system _never_ had outbound
communication via any medium. To my knowledge, it's the only way that
one can be absolutely sure that a system isn't rigged in the way that
Thompson rigged his C compiler and it's subsequent compiled output.
Because after all, having the source is pretty much irrelevant (at least
when it comes to this).
Now, should this whole mail have any influence on what you write?
Probably not. These are pretty in-depth issues that most people---at
least most people that I know---have less than zero interest in thinking
about.
--- Mike
--
Michael B. Trausch ☎ (404) 492-6475
_______________________________________________
Ale mailing list
Ale at ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
More information about the Ale
mailing list