On Sat, Dec 08, 2018 at 10:28:18AM -0500, Chris Tyler wrote:
On Sat, Dec 8, 2018 at 7:07 AM Pablo Rath pablo@parobalth.org wrote:
On Fri, Dec 07, 2018 at 04:52:22PM -0500, Hendrik Boom wrote:
On Fri, Dec 07, 2018 at 12:59:44PM +0100, Pablo Rath wrote:
How do you know if the source is closed? :)
Let's assume this is a real question.
Hendrik, I am sorry. I see, I have phrased my (rhetoric) question poorly. What I meant and should have written is mor like: "How can you know if a software behaves well and doesn't shoot the cat when you can't audit the source code?"
I must point out an error here: Ken Thompson proved that auditing source code (of software and the toolchain used to build it) is meaningless in his paper "Reflections on Trusting Trust". That paper/talk was released 34 years ago, and it wasn't theoretical -- it was based on malware that he'd successfully released into the wild many years before.
I remember reading that talk -- Wasn't it a Turing lecture? -- and I don't recall him saying he actually did release that malware -- he just explained what he *could* have done. But he didn't deny it either.
Or do you have firther information on this? If so I'd like to hear it.
Let me be pleased there is more than one C compiler in existence. And that it is undecidable whether an arbitrary piece of code actually compiles C, so that his malware, should it exist, is limited in scope.
What I've heard on this topic is a mere rumour about the IBM Fortran H compiler -- that there was a bug in the optimisation of bitwise logic operations that was present in the object code but not in the source code. Apparently those bitwise logic operations were used in the optimiser, and there was, unfortunately, a fixed point other than the intended one.
And I think we are getting close (but we're not there yet) to the general philosophical question whether we can actually know anything at all.
-- hendrik
(That said, I still prefer to be able to read the source -- just saying we shouldn't attribute disproven benefits to source reading!).
-Chris _______________________________________________ arm-netbook mailing list arm-netbook@lists.phcomp.co.uk http://lists.phcomp.co.uk/mailman/listinfo/arm-netbook Send large attachments to arm-netbook@files.phcomp.co.uk