undefined | Better HN

story

0 pointspbhjpbhj10y ago0 comments

>this is like calling someone a murderer because he went to the same high school as a murderer //

I'd say a closer analogy would be because he had the same blood splatter pattern on his clothes as a murderer. But neither is a useful analogy they're just biased by our perspective on Google.

0 comments

sqeaky10y ago

Think about these peoples starting point. They want a complete OS and application set built from source that is completely auditable.

This is direct circumvention of that.

Additionally, you can never prove you have removed all of your security flaws. The best you can do is search harder to become more confident that none exist. There is no way to prove that a privilege escalation flaw does not exists. Now arbitrary code is run against you wishes and without your permission.

No one can prove it didn't run a privilege escalation attack. If you think your digital security is of paramount importance you must assume you have been compromised and take steps to remedy this potential issue.

It is not that google is guilty, it is that moments before this happened security was provable and now it is not.

mehrdada10y ago

I think you are underestimating how much stuff you can actually prove. There's an entire field doing software verification which deals which formalizing aspects of the execution environment and proving absence of certain properties, i.e. classes of bugs, in a system. Sure, your proofs might rely on some "assumptions", but testing, a mere search for the bugs, is surely not the only way to ensure correctness.

sqeaky10y ago

Its not about what I am thinking. I never said anything about my thoughts on it. Perhaps I think computer security can be improved with liberal applications of butter and jelly or something equally ridiculous.

The people in question think it is an issue. They do this because of their starting point.

j / k navigate · click thread line to collapse

0 comments

sqeaky10y ago

Think about these peoples starting point. They want a complete OS and application set built from source that is completely auditable.

This is direct circumvention of that.

It is not that google is guilty, it is that moments before this happened security was provable and now it is not.

mehrdada10y ago

sqeaky10y ago

The people in question think it is an issue. They do this because of their starting point.

j / k navigate · click thread line to collapse