Date: Sat, 13 Feb 2016 21:25:39 -0800 From: Kevin Oberman <rkoberman@gmail.com> To: kpneal@pobox.com Cc: John Marino <freebsdml@marino.st>, Kurt Jaeger <lists@opsec.eu>, FreeBSD Mailing List <freebsd-ports@freebsd.org> Subject: Re: synth documentation Message-ID: <CAN6yY1vOq0XCY4Wd3yR=wpmdrmeBx1--Uk_u=boyj%2BF9VrYs=A@mail.gmail.com> In-Reply-To: <20160210172907.GA14793@neutralgood.org> References: <56B9EDC7.1010403@ohlste.in> <56B9F2D6.1090107@marino.st> <20160210015708.GN71035@eureka.lemis.com> <56BAF8E0.7020604@marino.st> <20160210090136.GC46096@home.opsec.eu> <56BAFEBD.9000004@marino.st> <20160210172907.GA14793@neutralgood.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Real programmers toggle in all programs from the switch register. What do you mean, "Computers don't have switch registers any more"? Kids, ask you dad or grandpa what a "switch register" is (was). Kevin Oberman, Part time kid herder and retired Network Engineer E-mail: rkoberman@gmail.com PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683 On Wed, Feb 10, 2016 at 9:29 AM, <kpneal@pobox.com> wrote: > On Wed, Feb 10, 2016 at 10:11:25AM +0100, John Marino wrote: > > On 2/10/2016 10:01 AM, Kurt Jaeger wrote: > > > Hi! > > > > > >> I'm racking my brains and I can't find a single rational reason why > > >> somebody would refuse the package (especially if building it on an > Atom > > >> is the alternative). > > > > > > The famous paper from Ken Thompson: Reflections on trusting trust > > > > > > http://dl.acm.org/citation.cfm?doid=358198.358210 > > > > > > > The source is publicly available on github. The only way that Thompson > > paper could apply is if a trojan is inserted at the FreeBSD package > > builder level. > > Or at your local level. See below. > > > So I guess [A] could say FreeBSD package builder is compromised > > (intentionally by FreeBSD project or unknown to all due a hacker). And > > I guess that could be possible, but the counter is: If you cant' trust > > packages built by FreeBSD, how can you trust the FreeBSD base not to > > have a trojan? > > > > Which would mean that only the people that *also* build FreeBSD from > > source would have a leg to stand on. > > > > So I will concede that case: If you accept no binaries at all from > > FreeBSD and only build base and packages from source, then you have a > > point. But still the response, "Then don't complain" applies. It's a > > conscious decision and consequences of decisions must be accepted. > > Well, no, actually there's no end of it. > > Can you trust the compiler used to compile FreeBSD from source? > > Can you trust your motherboard's firmware to not install patches onto > FreeBSD after compiling from source? (This is old hat on Windows to make > it easy for people to get the right drivers from a fresh install of > Windows.) > > Can you trust the update procedure for your board's firmware? > > Can you trust that there isn't a trojan in your CPU's microcode? > > Seriously, it never ends. You just have to pick a level and say you trust > everything below that. > -- > Kevin P. Neal http://www.pobox.com/~kpn/ > > "A pig's gotta fly." - Crimson Pig > _______________________________________________ > freebsd-ports@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-ports > To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAN6yY1vOq0XCY4Wd3yR=wpmdrmeBx1--Uk_u=boyj%2BF9VrYs=A>