
Re: just saying



On Thu, 24 Nov 2022 16:05:31 -0500
Jeremy Hendricks <jwh1981@gmail.com> wrote:

> I have no idea what you mean. It’s open source and you can analyze
> the code line by line.
> 
You can analyse the *source* code. The machine code it allegedly
produces cannot be analysed any more easily than can closed-source
software. Assembler maps one-to-one to machine code; statements in a
compiled language do not come close to that.

Ken Thompson showed how it's done nearly forty years ago:

https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf

"You can't trust code that you did not totally create yourself.
(Especially code from companies that employ people like me.) No
amount of source-level verification or scrutiny will protect you
from using untrusted code."

I personally would expect every serious compiler in the world to have
been corrupted by one government or another. If something nefarious can
technically be done, a government will do it without a second thought.

Look at it this way: would the CIA/FBI/MI5/etc. allow the use of Linux
to put people beyond their surveillance?

-- 
Joe

