[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Pan-users] Re: OT: freedomware vs... Was: Building Pan on Windows?
From: |
Steven D'Aprano |
Subject: |
Re: [Pan-users] Re: OT: freedomware vs... Was: Building Pan on Windows? |
Date: |
Sun, 7 Mar 2010 13:21:55 +1100 |
User-agent: |
KMail/1.9.9 |
On Sun, 7 Mar 2010 05:48:26 am Alan Meyer wrote:
> I have to agree with some of your points. On the issue of trust,
> for example, I trust that the open source software that I run is
> safe. However I have found that a number of closed source
> programs I have installed on my Windows machines included
> spyware. And those are the ones I was able to find out about.
> There may be many others that I didn't find out about that also
> include spyware.
>
> That's not to say that all authors of non-free software are
> untrustworthy, but without the source code we can't easily tell
> if they are trustworthy.
I'm not quite as vehement as Duncan, but as a general principle I agree
with him. I also agree with you regarding the trustfulness of source vs
binary-only distribution, *but* as a matter of practicality, who has
the time or expertise to do a full code audit of all their applications
and operating system? For all I know, Charles has inserted a cunning
piece of software into Pan which monitors everything I type and sends a
copy to him, and either nobody has spotted it or those who have are in
on the plot...
(Paranoid? Are you working for them??? *wink*)
But even having access to the source code isn't itself enough to trust
the software. You also need to have access to the compiler used to
build the software. Not just the compiler itself, but the source code
of that compiler, AND the source code of the compiler used to build the
compiler. In short, you need to analyse the entire tool chain that
builds the application.
The great Ken Thompson (co-inventor of Unix and inventor of B, the
precursor to C) published a paper "Reflections on Trusting Trust" which
describes how he subverted the C compiler to insert a backdoor to the
login program:
http://en.wikipedia.org/wiki/Backdoor_(computing)#Reflections_on_Trusting_Trust
http://cm.bell-labs.com/who/ken/trust.html
I say all this, not to disagree with the basic premise that open source
software is generally more trustworthy than closed source, or to
disagree that transparency is valuable, but to point out that malware
can come in many disguises.
--
Steven D'Aprano
- [Pan-users] Re: OT: freedomware vs... Was: Building Pan on Windows?, (continued)
- [Pan-users] Re: OT: freedomware vs... Was: Building Pan on Windows?, Duncan, 2010/03/06
- Re: [Pan-users] Re: OT: freedomware vs... Was: Building Pan on Windows?, Alan Meyer, 2010/03/06
- Re: [Pan-users] Re: OT: freedomware vs... Was: Building Pan onWindows?, Travis, 2010/03/06
- Re: [Pan-users] Re: OT: freedomware vs... Was: Building Pan onWindows?, Alan Meyer, 2010/03/06
- Re: [Pan-users] Re: OT: freedomware vs... Was: Building Pan onWindows?, Joe Zeff, 2010/03/06
- Re: [Pan-users] Re: OT: freedomware vs... Was: Building Pan onWindows?, Rob, 2010/03/06
- [Pan-users] Re: OT: freedomware vs... Was: Building Pan onWindows?, Duncan, 2010/03/07
- Re: [Pan-users] Re: OT: freedomware vs... Was: Building Pan onWindows?, walt, 2010/03/07
- [Pan-users] Re: OT: freedomware vs... Was: Building Pan onWindows?, Duncan, 2010/03/07
- Re: [Pan-users] Re: OT: freedomware vs... Was: Building Pan onWindows?, Steven D'Aprano, 2010/03/06
- Re: [Pan-users] Re: OT: freedomware vs... Was: Building Pan on Windows?,
Steven D'Aprano <=
- Re: [Pan-users] Re: OT: freedomware vs... Was: Building Pan on Windows?, Alan Meyer, 2010/03/06
- [Pan-users] Re: OT: freedomware vs... Was: Building Pan on Windows?, Duncan, 2010/03/07
- Re: [Pan-users] Re: OT: freedomware vs... Was: Building Pan on Windows?, walt, 2010/03/07
- Re: [Pan-users] Re: OT: freedomware vs... Was: Building Panon Windows?, Travis, 2010/03/07
- [Pan-users] Re: OT: freedomware vs... Was: Building Panon Windows?, Duncan, 2010/03/07
- Re: [Pan-users] Re: OT: freedomware vs... Was: Building Panon Windows?, walt, 2010/03/07
- Re: [Pan-users] Re: OT: freedomware vs... Was: Building Panon Windows?, Steven D'Aprano, 2010/03/07
- Re: [Pan-users] Re: OT: freedomware vs... Was: Building Panon Windows?, Steven D'Aprano, 2010/03/07
- [Pan-users] Re: OT: freedomware vs... Was: Building Panon Windows?, Duncan, 2010/03/08
- Re: [Pan-users] Re: OT: freedomware vs... Was: Building Panon Windows?, Steven D'Aprano, 2010/03/09