undefined | Better HN

0 pointskryten12y ago0 comments

Well you hope it is.

All sorts can happen between source and binary.

0 comments

6 comments · 2 top-level

jmillikin12y ago· 4 in thread

There's enough security researchers (of any hat color) crawling over the Chrome binaries that I'm fairly confident there are no backdoors being introduced. To verify, you could disassemble the Chrome binary and compare it against a disassembled Chromium binary that you built. You could also use a packet sniffer and/or MITM proxy to verify that no unexpected data transmissions are occurring.

krytenOP12y ago

That assumption relies on two uncertainties:

1. The probability of discovering something in all that binary code, especially with the intricate and non-orthogonal nature of x86/x64 assembly and odd compiler optimisations. This isn't some 80's game.

A comparison:

    28500000 = Chrome binary size [1]
   750000000 = Human Genome size (converted to bytes - 1BP = 2bits so 4BP per byte) [2]

So we're only 26x more complicated than Chrome and we have absolutely no fucking idea what is going on with us most of the time.

2. The probability of a vulnerability being published to Google versus selling it on the private market.

[1] http://neugierig.org/software/chromium/bloat/

[2] http://www.biostars.org/p/5514/

jmillikin12y ago

The actual comparison would be between the Chrome binary size and the Chromium binary size, which is quite small if you exclude embedded graphical resources.

1 more reply

claudius12y ago

That probably depends on your definition of ‘backdoors’. Some of the data Chrome sends to Google could easily be considered a breach of privacy (and the corresponding functionality hence supposedly doesn’t exist in Chromium).

jmillikin12y ago

I've never heard a claim that Chrome sends more data than Chromium. Do you have a link?

1 more reply

ernesth12y ago

> All sorts can happen between source and binary.

True. But also true of firefox. But you can install chromium and firefox from source and be sure that apart from your compiler nobody planted anything in your browser.

j / k navigate · click thread line to collapse

0 comments

6 comments · 2 top-level

jmillikin12y ago· 4 in thread

krytenOP12y ago

That assumption relies on two uncertainties:

A comparison:

    28500000 = Chrome binary size [1]
   750000000 = Human Genome size (converted to bytes - 1BP = 2bits so 4BP per byte) [2]

So we're only 26x more complicated than Chrome and we have absolutely no fucking idea what is going on with us most of the time.

2. The probability of a vulnerability being published to Google versus selling it on the private market.

[1] http://neugierig.org/software/chromium/bloat/

[2] http://www.biostars.org/p/5514/

jmillikin12y ago

The actual comparison would be between the Chrome binary size and the Chromium binary size, which is quite small if you exclude embedded graphical resources.

1 more reply

claudius12y ago

jmillikin12y ago

I've never heard a claim that Chrome sends more data than Chromium. Do you have a link?

1 more reply

ernesth12y ago

> All sorts can happen between source and binary.

True. But also true of firefox. But you can install chromium and firefox from source and be sure that apart from your compiler nobody planted anything in your browser.

j / k navigate · click thread line to collapse