[ale] Cory Doctorow, right again

mike at trausch.us mike at trausch.us
Fri Mar 16 13:42:07 EDT 2012 

On 03/16/2012 01:29 PM, James Sumners wrote:
> It has applications that are shipped with it. And you can use webapps
> all day long. You don't _have_ to use the AppStore. But if you do use
> it, then you still have to decide if you trust the developer. If you
> install something that seems scummy in the description (poorly
> translated descriptions, bad reviews, etc.) then that's on you. It
> isn't the fault of anyone, or anything, else.

And what if you install a highly-rated, seemingly legitimate app that
does things that you aren't aware of because you have no way to possibly
be aware of them?

There are security concerns with any application software on any
platform or device that are a mile long and simply cannot be addressed
by the average user.  These problems will likely never go away, unless
the entire world moves to a model where the source code for all software
becomes generally available.  And even then, you have the problems that
were discussed in “Reflections on Trusting Trust” (a very worthwhile
read if you haven't), making it almost completely impossible to sanely
be able to settle on any level of trust in software.  One would have to
take a copy of a (as Thompson calls it) "bugged" binary and examine it
on a system that is known to not be bugged.

I don't know about you, but I don't have the means to create a
completely isolated environment in which to be able to assert such
levels of trust.  At least not yet; it would be possible to do but it
would not be really doable without a great deal of time, effort and money.

And even then, who would be insane enough to trust anyone else to create
such a thing for them?  :-)

	--- Mike

-- 
A man who reasons deliberately, manages it better after studying Logic
than he could before, if he is sincere about it and has common sense.
                                   --- Carveth Read, “Logic”

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 729 bytes
Desc: OpenPGP digital signature
Url : http://mail.ale.org/pipermail/ale/attachments/20120316/04308f03/attachment.bin

More information about the Ale mailing list