undefined | Better HN

0 pointsbrookst2y ago0 comments

That’s true of everything you haven’t compiled yourself, using a compiler you wrote and bootstrapped yourself.

There is no technical proof that any of the software or hardware we use every day is trustworthy. There is, however, incentive alignment that makes it unlikely that companies do wild and crazy things.

0 comments

4 comments · 2 top-level

fsflover2y ago· 2 in thread

> That’s true of everything you haven’t compiled yourself

Except if your software is reproducible: https://reproducible-builds.org/

brookstOP2y ago

Still not 100% secure. Someone can MITM your connection and forge the info used to verify builds.

It’s a silly example, but the point stands: there is no 100% security for anything that any other person or system has had any access to. It’s not a reasonable standard to demand.

fsflover2y ago

There is no 100% of anything, but there is a reasonable security.

rekoil2y ago

> That’s true of everything you haven’t compiled yourself, using a compiler you wrote and bootstrapped yourself.

Don't forget the hardware you built yourself. [1]

1: https://en.wikipedia.org/wiki/Intel_Management_Engine

j / k navigate · click thread line to collapse