Path: csiph.com!usenet.pasdenom.info!gegeweb.org!aioe.org!news.stack.nl!newsfeed.xs4all.nl!newsfeed2.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.013 X-Spam-Evidence: '*H*': 0.97; '*S*': 0.00; 'say,': 0.05; 'true,': 0.05; 'subject:Python': 0.06; 'compiler': 0.07; 'detect': 0.07; 'elegant': 0.07; 'intel': 0.07; 'level,': 0.07; 'inserted': 0.09; 'logic': 0.09; 'python': 0.11; "wouldn't": 0.14; 'beautifully': 0.16; 'binary,': 0.16; 'charles': 0.16; 'chip': 0.16; 'compiler.': 0.16; 'manner,': 0.16; 'nsa': 0.16; 'planet,': 0.16; 'stepping': 0.16; 'two.': 0.16; 'weapon': 0.16; 'wrote:': 0.18; 'examples': 0.20; '>>>': 0.22; 'hack': 0.22; 'header:User-Agent:1': 0.23; "aren't": 0.24; 'helpful': 0.24; 'mon,': 0.24; 'sort': 0.25; 'compiled': 0.26; 'equivalent': 0.26; 'holds': 0.26; 'nearly': 0.26; 'world,': 0.26; 'header:In-Reply-To:1': 0.27; 'point': 0.28; 'chris': 0.29; 'am,': 0.29; 'code': 0.31; 'bunch': 0.31; "d'aprano": 0.31; 'probability': 0.31; 'sep': 0.31; 'steven': 0.31; 'with,': 0.31; 'critical': 0.32; 'quite': 0.32; 'running': 0.33; 'level.': 0.33; 'maybe': 0.34; "i'd": 0.34; 'could': 0.34; 'possible.': 0.35; 'problem.': 0.35; 'beyond': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'there': 0.35; 'false': 0.36; 'surely': 0.36; 'subject:?': 0.36; 'similar': 0.36; 'example,': 0.37; 'two': 0.37; 'being': 0.38; 'system,': 0.38; 'message- id:@gmail.com': 0.38; 'depends': 0.38; 'to:addr:python-list': 0.38; 'visual': 0.39; 'to:addr:python.org': 0.39; 'even': 0.60; 'easy': 0.60; 'money.': 0.60; 'subject:Can': 0.60; 'truly': 0.60; 'most': 0.60; 'information,': 0.61; "you're": 0.61; 'grab': 0.64; 'become': 0.64; 'different': 0.65; 'phone': 0.66; 'here': 0.66; 'capable': 0.67; "today's": 0.70; 'secret': 0.74; 'bank': 0.76; 'power': 0.76; 'article': 0.77; '*really*': 0.84; 'firing': 0.84; 'nuclear': 0.84; 'technically': 0.84; 'territory': 0.84; 'average': 0.93; 'tough': 0.93; '2013': 0.98 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=iE+QH4xZdKTRFaWC5UCmlfrmyAL0v7/HCdjWJ9XivTM=; b=Ra/r9vys4sIGLzlQu1hM/Yjl3C2RVs5kaObfQggrSgNTi4L/svybJ7SGu1dsSOmGuW IzWIQWLa7Sgs+eEGgUnnNjsEbntMk58sd31RhIT8XuAuRGtpCDvMbVw6Xgcf4/qfyZ45 lub12l7znBsPtGGUzImr+YgmRBN8NKhbo8d0eFnQTn/YVepyC47LFhaOCA2GEumIt+ZN c0C9z7/xjyEg6VKN30A6q9hmyTsJFSwB284GVn337QOCOs41HaWQ5SYY76pi/FlgR8nL Rb4U7IK87SxigxIAL5Qt/f9+q3JKtPMJWJgZL9yR20dTH1zD3CDfGXFhylACdLwuECA3 eH0w== X-Received: by 10.182.114.231 with SMTP id jj7mr10954772obb.33.1378724539878; Mon, 09 Sep 2013 04:02:19 -0700 (PDT) Date: Mon, 09 Sep 2013 06:02:18 -0500 From: Anthony Papillion User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130804 Thunderbird/17.0.8 MIME-Version: 1.0 To: python-list@python.org Subject: Re: Can I trust downloading Python? References: <522c6e4e$0$29988$c3e8da3$5496439d@news.astraweb.com> <522d97e1$0$29893$c3e8da3$5496439d@news.astraweb.com> In-Reply-To: <522d97e1$0$29893$c3e8da3$5496439d@news.astraweb.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 43 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1378724549 news.xs4all.nl 15903 [2001:888:2000:d::a6]:54632 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:53862 On 09/09/2013 04:41 AM, Steven D'Aprano wrote: > On Mon, 09 Sep 2013 02:39:09 +1000, Chris Angelico wrote: > >> On Mon, Sep 9, 2013 at 2:08 AM, Charles Hottel >> wrote: >>> I think this article is relevant althought the code examples are not >>> Python but C: >>> >>> http://cm.bell-labs.com/who/ken/trust.html >> >> That is quite true, and yet not truly helpful here :) It's like pointing >> out that we could be being fed false information, and then suggesting >> that The Matrix is technically possible. Once you start distrusting to >> that level, you become paranoid to a point that's inappropriate to all >> but the most critical situations. I'd accept and maybe even recommend >> that sort of paranoia if you're running a nuclear power station, or an >> automated weapon system capable of firing missiles that destroy the >> planet, or a bank that holds everyone's money. For the average Joe, >> there's no point panicking. >> >> Also: That hack works beautifully when there's precisely one C compiler. >> In today's world, there are many (well known ones like gcc, clang, MS >> Visual Studio (whatever the compiler from that is called), and a bunch >> of lesser-known ones as well), and it's pretty easy to just grab a >> different compiler and build. The chances that your code will be falsely >> compiled by TWO compilers would have to be infinitesimal, and you >> needn't stop at two. > > That logic is dubious. Compilers aren't compromised by chance, and we > don't know the a priori probability of any specific compiler being > compromised. That depends on the attacker, surely? We know, for example, > that the NSA has compromised multiple brands of router, smart phone and > similar. If they, or some other similar organisation with equivalent > capabilities, were going to attack compilers in the same manner, they > surely wouldn't stop at one. But (and this is stepping into *really* paranoid territory here. But maybe not beyond the realm of possibility) it would not be so hard to compromise compilers at the chip level. If the NSA were to strike an agreement with, say, Intel so that every time a compiler ran on the system, secret code was discreetly inserted into the binary, it would be nearly impossible to detect and a very elegant solution to a tough problem.