|
From: | Panicz Maciej Godek |
Subject: | Re: Dijkstra's Methodology for Secure Systems Development |
Date: | Sun, 21 Sep 2014 11:04:07 +0200 |
Panicz Maciej Godek <address@hidden> writes:
> [...]
First of all let me say I agree with you; guile-devel is the wrong place
to discuss these things.
I also feel uncomfortable about having been painted as the only person
agreeing with Ian. According to him I was able to understand his idea
at least, but I'm not clear on how it ties in with the rest of reality,
like the possibility of hardware exploits...
Still:
> [...] the back doors can be implemented in the hardware, not in the
> software, and you will never be able to guarantee that no one is able
> to access your system.
Hopefully hardware will be addressed as well sooner or later.
> On the
meanwhile, we can plug a couple holes on the software layer.
Also, if the hardware doesn't know enough about the software's workings,
it will have a hard time exploiting it. Just like in the Thompson hack
case: if you use an infected C compiler to compile a *new* C compiler
codebase instead of the infected family, you will get a clean compiler,
because the infection doesn't know how to infect your new source code.
I think it's quite difficult to find a good balance between being too
naive, and entering tinfoil-hat territory. I've been pretty naive for
most of my life, living under a feeling of "everything bad and dark is
in the past" and that only some anomalies are left. That's seem to be
wrong though, so I'm trying to correct my attitude; I hope I haven't
swayed too much into the tinfoil-hat direction while doing so. :-)
[Prev in Thread] | Current Thread | [Next in Thread] |