
Re: Can I trust downloading Python?

Started by: Michael Torrie <torriem@gmail.com>
First post: 2013-09-07 21:04 -0600
Last post: 2013-09-09 10:44 -0600
Articles: 9 (7 participants)


This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by below is the oldest one visible, not the original post.


Contents

  Re: Can I trust downloading Python? Michael Torrie <torriem@gmail.com> - 2013-09-07 21:04 -0600
    Re: Can I trust downloading Python? Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-09-08 12:32 +0000
      Re: Can I trust downloading Python? "Charles Hottel" <chottel@earthlink.net> - 2013-09-08 12:08 -0400
        Re: Can I trust downloading Python? Chris Angelico <rosuav@gmail.com> - 2013-09-09 02:39 +1000
          Re: Can I trust downloading Python? Steven D'Aprano <steve@pearwood.info> - 2013-09-09 09:41 +0000
            Re: Can I trust downloading Python? Anthony Papillion <papillion@gmail.com> - 2013-09-09 06:02 -0500
            Re: Can I trust downloading Python? Michael Torrie <torriem@gmail.com> - 2013-09-09 10:23 -0600
            Re: Can I trust downloading Python? William Ray Wing <wrw@mac.com> - 2013-09-09 12:40 -0400
            Re: Can I trust downloading Python? Michael Torrie <torriem@gmail.com> - 2013-09-09 10:44 -0600

#53836 — Re: Can I trust downloading Python?

From: Michael Torrie <torriem@gmail.com>
Date: 2013-09-07 21:04 -0600
Subject: Re: Can I trust downloading Python?
Message-ID: <mailman.150.1378609508.5461.python-list@python.org>

On 09/07/2013 07:17 PM, Aaron Martin wrote:
> Hi, I am thinking about getting a software but it requires python, so that
> brought up a few questions. Is it safe to download python, and does it come
> with spam or advertisements? If it doesn't then should I get the latest
> version? I mostly want to know if it is safe to download, because most of
> the time downloading free stuff off the internet comes with spam and all
> that, so I want to know if I can trust downloading it.

Yes if you download binaries from the official sources (python.org web
site) there is a reasonable assumption that the binary is free from
malware or viruses.  I've never heard of programs coming with spam
before ;).  Usually that arrives unbidden in my inbox.

As for trusting python in general, I do trust the python developers, but
recent NSA revelations call just about all aspects of computing, trust,
and privacy into doubt.



#53844

From: Steven D'Aprano <steve+comp.lang.python@pearwood.info>
Date: 2013-09-08 12:32 +0000
Message-ID: <522c6e4e$0$29988$c3e8da3$5496439d@news.astraweb.com>
In reply to: #53836

On Sat, 07 Sep 2013 21:04:59 -0600, Michael Torrie wrote:

> As for trusting python in general, I do trust the python developers, but
> recent NSA revelations call just about all aspects of computing, trust,
> and privacy into doubt.

"Recent" revelations? Where have you been for the last, oh, 20 odd years?

Remember when people who talked about Carnivore and Echelon were 
considered in tin-foil hat territory? I do.

I think it was Paul Krugman who talks about the one thing worse than 
being wrong is being right too soon. In context, he's referring to the 
Bush administration's adventures in Iraq, and how those who were right a 
decade ago are still routinely ignored even after being proven right, 
while the Very Serious People who were utterly, obviously wrong are still 
feted as experts. The same applies to the surveillance society. This 
didn't just appear overnight. You don't build programmes the size and 
complexity of PRISM, Tempora, Stellar Wind, X-Keyscore, Dropmire, and no
doubt others that we still don't know about, overnight.

When it comes to NSA spying, before Edward Snowden, there were these 
other guys:

http://www.usatoday.com/story/news/politics/2013/06/16/snowden-whistleblower-nsa-officials-roundtable/2428809/


And if you think it's just the NSA, you *really* haven't been paying 
attention. From 2005:

http://www.noplacetohide.net/



-- 
Steven



#53846

From: "Charles Hottel" <chottel@earthlink.net>
Date: 2013-09-08 12:08 -0400
Message-ID: <XsSdnZfDdPBCPbHPnZ2dnUVZ_vidnZ2d@earthlink.com>
In reply to: #53844

"Steven D'Aprano" <steve+comp.lang.python@pearwood.info> wrote in message 
news:522c6e4e$0$29988$c3e8da3$5496439d@news.astraweb.com...
> On Sat, 07 Sep 2013 21:04:59 -0600, Michael Torrie wrote:
>
>> As for trusting python in general, I do trust the python developers, but
>> recent NSA revelations call just about all aspects of computing, trust,
>> and privacy into doubt.
>
> "Recent" revelations? Where have you been for the last, oh, 20 odd years?
>
> Remember when people who talked about Carnivore and Echelon were
> considered in tin-foil hat territory? I do.
>
> I think it was Paul Krugman who talks about the one thing worse than
> being wrong is being right too soon. In context, he's referring to the
> Bush administration's adventures in Iraq, and how those who were right a
> decade ago are still routinely ignored even after being proven right,
> while the Very Serious People who were utterly, obviously wrong are still
> feted as experts. The same applies to the surveillance society. This
> didn't just appear overnight. You don't build programmes the size and
> complexity of PRISM, Tempora, Stellar Wind, X-Keyscore, Dropmire, and no
> doubt others that we still don't know about, overnight.
>
> When it comes to NSA spying, before Edward Snowden, there were these
> other guys:
>
> http://www.usatoday.com/story/news/politics/2013/06/16/snowden-whistleblower-nsa-officials-roundtable/2428809/
>
>
> And if you think it's just the NSA, you *really* haven't been paying
> attention. From 2005:
>
> http://www.noplacetohide.net/
>
>
>
> -- 
> Steven

I think this article is relevant although the code examples are not Python
but C:

http://cm.bell-labs.com/who/ken/trust.html



#53847

From: Chris Angelico <rosuav@gmail.com>
Date: 2013-09-09 02:39 +1000
Message-ID: <mailman.156.1378658357.5461.python-list@python.org>
In reply to: #53846

On Mon, Sep 9, 2013 at 2:08 AM, Charles Hottel <chottel@earthlink.net> wrote:
> I think this article is relevant although the code examples are not Python
> but C:
>
> http://cm.bell-labs.com/who/ken/trust.html

That is quite true, and yet not truly helpful here :) It's like
pointing out that we could be being fed false information, and then
suggesting that The Matrix is technically possible. Once you start
distrusting to that level, you become paranoid to a point that's
inappropriate to all but the most critical situations. I'd accept and
maybe even recommend that sort of paranoia if you're running a nuclear
power station, or an automated weapon system capable of firing
missiles that destroy the planet, or a bank that holds everyone's
money. For the average Joe, there's no point panicking.

Also: That hack works beautifully when there's precisely one C
compiler. In today's world, there are many (well known ones like gcc,
clang, MS Visual Studio (whatever the compiler from that is called),
and a bunch of lesser-known ones as well), and it's pretty easy to
just grab a different compiler and build. The chances that your code
will be falsely compiled by TWO compilers would have to be
infinitesimal, and you needn't stop at two. Since many people build
(to take one example) gcc from source, using an old version of gcc,
the hack would have to be propagated to all current gcc builds in some
way - you can't simply build once and install the binary as the
official C compiler, not in today's distributed society. (If you're
truly paranoid, you might believe that gcc has had the hack in it
since its inception. But some people build gcc using other compilers,
too.)

If you can't trust any code you didn't write yourself, you're left
with Rene Descartes' line "I think, therefore I am" - it's impossible
to prove anything else, since you can't trust your senses. So go
ahead! Distrust everything and use nothing. Or accept that, even if
you're the target of a huge conspiracy, it doesn't even matter,
because life still goes on :)

ChrisA



#53860

From: Steven D'Aprano <steve@pearwood.info>
Date: 2013-09-09 09:41 +0000
Message-ID: <522d97e1$0$29893$c3e8da3$5496439d@news.astraweb.com>
In reply to: #53847

On Mon, 09 Sep 2013 02:39:09 +1000, Chris Angelico wrote:

> On Mon, Sep 9, 2013 at 2:08 AM, Charles Hottel <chottel@earthlink.net>
> wrote:
>> I think this article is relevant although the code examples are not
>> Python but C:
>>
>> http://cm.bell-labs.com/who/ken/trust.html
> 
> That is quite true, and yet not truly helpful here :) It's like pointing
> out that we could be being fed false information, and then suggesting
> that The Matrix is technically possible. Once you start distrusting to
> that level, you become paranoid to a point that's inappropriate to all
> but the most critical situations. I'd accept and maybe even recommend
> that sort of paranoia if you're running a nuclear power station, or an
> automated weapon system capable of firing missiles that destroy the
> planet, or a bank that holds everyone's money. For the average Joe,
> there's no point panicking.
> 
> Also: That hack works beautifully when there's precisely one C compiler.
> In today's world, there are many (well known ones like gcc, clang, MS
> Visual Studio (whatever the compiler from that is called), and a bunch
> of lesser-known ones as well), and it's pretty easy to just grab a
> different compiler and build. The chances that your code will be falsely
> compiled by TWO compilers would have to be infinitesimal, and you
> needn't stop at two. 

That logic is dubious. Compilers aren't compromised by chance, and we 
don't know the a priori probability of any specific compiler being 
compromised. That depends on the attacker, surely? We know, for example, 
that the NSA has compromised multiple brands of router, smart phone and 
similar. If they, or some other similar organisation with equivalent 
capabilities, were going to attack compilers in the same manner, they 
surely wouldn't stop at one.

Would people notice? How often do people compare the machine code output 
of two different compilers, looking for back-doors in the generated code? 
Would you know where to look? If you found some differences, wouldn't you 
likely just chalk it up to different compilers producing different code? 

I think the best argument against this suggestion is that it would be an 
order of magnitude harder to compromise open source compilers, as you 
discuss below, and therefore gcc is *probably* (but not certainly) safe. 
But closed source? If Microsoft inserted a backdoor into Windows 8 on 
behalf of the NSA, as seems to be the case, then surely they'd also do 
the same to Visual Studio if asked.

Organisations like the NSA don't operate under the rule "if there is one 
single uncompromised machine on the planet, we've lost". It's a numbers 
game. If (hypothetically speaking) they had inserted backdoors into 
Visual Studio, gcc and clang, but not Larry's Cool C Compiler, I don't 
think they're going to lose sleep over that.


> Since many people build (to take one example) gcc
> from source, using an old version of gcc, the hack would have to be
> propagated to all current gcc builds in some way - you can't simply
> build once and install the binary as the official C compiler, not in
> today's distributed society. (If you're truly paranoid, you might
> believe that gcc has had the hack in it since its inception. But some
> people build gcc using other compilers, too.)

Yep, I agree -- although probably no individual has inspected the entire 
tool chain involved in building gcc, enough people have inspected each 
individual component that we can be reasonably confident that it is okay.


> If you can't trust any code you didn't write yourself, 

You trust yourself? You sheeple! The truly cautious man doesn't even 
trust himself. You might be an unconscious sleeper agent. Haven't you 
watched The Running Man?

(Ha ha only serious.)



-- 
Steven
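
An added example, not part of any post in this thread: a toy Python model of the rebuild-with-a-second-compiler idea Chris Angelico raises and of Steven D'Aprano's two objections, using the check known as diverse double-compiling. The `Binary` record, the `style-a`/`style-b` compilers and the single `backdoor` flag are constructed assumptions; no real compiler is invoked.

```python
# Toy model (added example): a "binary" records what a compiler emitted,
# it is not real machine code.
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Binary:
    codegen: str    # code-generation style of the compiler that emitted it
    program: str    # source text this binary implements
    backdoor: bool  # hidden behaviour that is absent from `program`

    def digest(self) -> str:
        blob = f"{self.codegen}\0{self.program}\0{self.backdoor}".encode()
        return hashlib.sha256(blob).hexdigest()

def is_compiler(source: str) -> bool:
    return source.startswith("compiler:")

def run_compiler(cc: Binary, source: str) -> Binary:
    """Run compiler binary `cc` on `source` and return what it emits."""
    if not is_compiler(cc.program):
        raise ValueError("not a compiler binary")
    style = cc.program.split(":", 1)[1]  # output style is set by cc's own source
    # Assumption: a subverted compiler re-inserts its backdoor only when the
    # input is itself a compiler, as in the article linked in the thread.
    return Binary(style, source, cc.backdoor and is_compiler(source))

def ddc_matches(suspect: Binary, suspect_src: str, trusted: Binary) -> bool:
    """Diverse double-compiling: regenerate the suspect via a second compiler."""
    stage1 = run_compiler(trusted, suspect_src)  # trusted codegen, suspect logic
    stage2 = run_compiler(stage1, suspect_src)   # suspect codegen, suspect logic
    return stage2.digest() == suspect.digest()   # bit-for-bit comparison

# Constructed sample inputs.
CC_A_SRC, CC_B_SRC, APP_SRC = "compiler:style-a", "compiler:style-b", "app:hello"
clean_a = Binary("style-a", CC_A_SRC, False)
bad_a = Binary("style-a", CC_A_SRC, True)
clean_b = Binary("style-b", CC_B_SRC, False)
bad_b = Binary("style-b", CC_B_SRC, True)  # same attacker subverted B as well

def naive_outputs_differ() -> bool:
    # Two clean compilers still emit different bytes for the same application,
    # so a plain diff of their output says nothing about backdoors.
    a = run_compiler(clean_a, APP_SRC)
    b = run_compiler(clean_b, APP_SRC)
    return a.digest() != b.digest()

if __name__ == "__main__":
    print("clean compilers disagree byte-for-byte:", naive_outputs_differ())
    print("clean A passes DDC:", ddc_matches(clean_a, CC_A_SRC, clean_b))
    print("backdoored A passes DDC:", ddc_matches(bad_a, CC_A_SRC, clean_b))
    print("backdoored A passes when B is subverted too:",
          ddc_matches(bad_a, CC_A_SRC, bad_b))
```

The last case passes the check even though both compilers are backdoored, which is why the second compiler has to be one the attacker did not also reach.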



#53862

From: Anthony Papillion <papillion@gmail.com>
Date: 2013-09-09 06:02 -0500
Message-ID: <mailman.171.1378724549.5461.python-list@python.org>
In reply to: #53860

On 09/09/2013 04:41 AM, Steven D'Aprano wrote:
> On Mon, 09 Sep 2013 02:39:09 +1000, Chris Angelico wrote:
> 
>> On Mon, Sep 9, 2013 at 2:08 AM, Charles Hottel <chottel@earthlink.net>
>> wrote:
>>> I think this article is relevant although the code examples are not
>>> Python but C:
>>>
>>> http://cm.bell-labs.com/who/ken/trust.html
>>
>> That is quite true, and yet not truly helpful here :) It's like pointing
>> out that we could be being fed false information, and then suggesting
>> that The Matrix is technically possible. Once you start distrusting to
>> that level, you become paranoid to a point that's inappropriate to all
>> but the most critical situations. I'd accept and maybe even recommend
>> that sort of paranoia if you're running a nuclear power station, or an
>> automated weapon system capable of firing missiles that destroy the
>> planet, or a bank that holds everyone's money. For the average Joe,
>> there's no point panicking.
>>
>> Also: That hack works beautifully when there's precisely one C compiler.
>> In today's world, there are many (well known ones like gcc, clang, MS
>> Visual Studio (whatever the compiler from that is called), and a bunch
>> of lesser-known ones as well), and it's pretty easy to just grab a
>> different compiler and build. The chances that your code will be falsely
>> compiled by TWO compilers would have to be infinitesimal, and you
>> needn't stop at two. 
> 
> That logic is dubious. Compilers aren't compromised by chance, and we 
> don't know the a priori probability of any specific compiler being 
> compromised. That depends on the attacker, surely? We know, for example, 
> that the NSA has compromised multiple brands of router, smart phone and 
> similar. If they, or some other similar organisation with equivalent 
> capabilities, were going to attack compilers in the same manner, they 
> surely wouldn't stop at one.

But (and this is stepping into *really* paranoid territory here. But
maybe not beyond the realm of possibility) it would not be so hard to
compromise compilers at the chip level. If the NSA were to strike an
agreement with, say, Intel so that every time a compiler ran on the
system, secret code was discreetly inserted into the binary, it would be
nearly impossible to detect and a very elegant solution to a tough problem.



#53875

From: Michael Torrie <torriem@gmail.com>
Date: 2013-09-09 10:23 -0600
Message-ID: <mailman.183.1378743819.5461.python-list@python.org>
In reply to: #53860

On 09/09/2013 05:02 AM, Anthony Papillion wrote:
> But (and this is stepping into *really* paranoid territory here. But
> maybe not beyond the realm of possibility) it would not be so hard to
> compromise compilers at the chip level. If the NSA were to strike an
> agreement with, say, Intel so that every time a compiler ran on the
> system, secret code was discreetly inserted into the binary, it would be
> nearly impossible to detect and a very elegant solution to a tough problem.

Indeed it is really paranoid territory, but now doesn't seem quite as
far fetched as one originally thought a few years ago!  We'll still
trust (we have to; we have no other choice), but the level of trust in
computers in general has certainly gone down a notch and will never
quite be the same.



#53878

From: William Ray Wing <wrw@mac.com>
Date: 2013-09-09 12:40 -0400
Message-ID: <mailman.185.1378744855.5461.python-list@python.org>
In reply to: #53860

On Sep 9, 2013, at 12:23 PM, Michael Torrie <torriem@gmail.com> wrote:

> On 09/09/2013 05:02 AM, Anthony Papillion wrote:
>> But (and this is stepping into *really* paranoid territory here. But
>> maybe not beyond the realm of possibility) it would not be so hard to
>> compromise compilers at the chip level. If the NSA were to strike an
>> agreement with, say, Intel so that every time a compiler ran on the
>> system, secret code was discreetly inserted into the binary, it would be
>> nearly impossible to detect and a very elegant solution to a tough problem.
> 
> Indeed it is really paranoid territory, but now doesn't seem quite as
> far fetched as one originally thought a few years ago!  We'll still
> trust (we have to; we have no other choice), but the level of trust in
> computers in general has certainly gone down a notch and will never
> quite be the same.
> 
> 
> -- 
> https://mail.python.org/mailman/listinfo/python-list

I think that is pretty far fetched.  It requires recognition that a compiler is being compiled.  I'd be REALLY surprised if there were a unique sequence of hardware instructions that was common across every possible compiler (current and future) and which wouldn't (couldn't) exist in arbitrary non-compiler execution, which could be used to trigger insertion of a backdoor.

-Bill



#53879

From: Michael Torrie <torriem@gmail.com>
Date: 2013-09-09 10:44 -0600
Message-ID: <mailman.186.1378745080.5461.python-list@python.org>
In reply to: #53860

On 09/09/2013 10:40 AM, William Ray Wing wrote:
> I think that is pretty far fetched.  It requires recognition that a
> compiler is being compiled.  I'd be REALLY surprised if there were a
> unique sequence of hardware instructions that was common across every
> possible compiler (current and future) and which wouldn't (couldn't)
> exist in arbitrary non-compiler execution, which could be used to
> trigger insertion of a backdoor.

Agreed.  Most of the damage done by the NSA is in the realm of social
engineering more than technical.  I.e., they compromise companies more than
the algorithms themselves.  The end points always are the weak things.
And yes, Free software that is open source is more resistant to such
tampering.


