Myra Nelson wrote:
There is one last problem with trust that no one can cure. You either
trust
the devs or you don't. This is illustrated by a classic quote from Ken
Thompson
"The moral is obvious. You can't trust code that you did not totally create
yourself. (Especially code from companies that employ people like me.) No
amount of source-level verification or scrutiny will protect you from using
untrusted code. In demonstrating the possibility of this kind of attack, I
picked on the C compiler. I could have picked on any program-handling
program such as an assembler, a loader, or even hardware microcode. As the
level of program gets lower, these bugs will be harder and harder to detect.
A well installed microcode bug will be almost impossible to detect." From
this article http://cm.bell-labs.com/who/ken/trust.html
.<http://cm.bell-labs.com/who/ken/trust.html>
Myra Nelson
Right.
That's what I referred to when I began the mail with
First off, there's an implicit level of trust on the package software,
nomatter which OS you use...
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
