That's right, not everybody's gonna take the time to recompile anything.
At 12:50 04/12/00 -0600, Larry Paul wrote:
>I agree up to a point. There are literally millions of people out there who
>are neither gurus nor programmers.
I agree. That's true. But the fact that a company is willing to make its
system usable with other products is a sign that it is not trying to
do things on behalf of us.
>These people rely on someone else (like
>you or like Microsoft or ___?____) to tell them what is good & what is safe.
>Who ARE you going to trust?? Their only alternative would be to stop using
>computers. (not an option, really) Even programmers can not really tell if
>proprietary code is safe. Contrary to what Ben said, 50 thousand lines of
>undocumented, uncommented assembly code is "unknowable". And also no, I
>repeat, NO dis-assembler is 100% accurate due to coding errors, use of
>undocumented & unsupported code, unstructured programming etc.
Once again, I agree. One of the main fundamental results in computer science is
that there is no algorithm to prove whether a program terminates or not. As
a consequence, there is no algo to prove that a program does just what it is
supposed to do. In practice, this means it is really hard to assess a program.
So at last, even the fwtk is not 100% trustworthy in theory. This means someone
could put code in that does what you don't want: send proprietary data to
whomever they coded in when some event happens. On the other hand, the fact that
the fwtk src code is available makes it less probable to have such things, as
there are so many people who have walked around the code. This is untrue of
proprietary code.
So though releasing the source code isn't enough, it is still far more of a
proof of honesty than keeping secrets about anything.
There are three things that are well known:
- there are problems exporting crypto between some countries
- crypto theory is far advanced compared to practice
- a good implementation is to provide trust in the first place, marketing/sales
  objectives are for the company not for customers.
So MS and other companies will gain more to provide APIs for things like
openssl and support the latter than try to market their proprietary encryption
code. At least, they should tell us what their code does, so that experts say
the word about it. Otherwise, it can't be trusted: it may be buggy, it may
contain backdoors, ...
in the best situation, one does not feel ok with.
>The problem with computers is they always do what I TELL them to do
>instead of what I WANT them to do. LP :)
The real problem is not computers: they always do what one tells 'em to do.
The problem is with "bad" people who tell computers to do bad things while
marketing that they do good things for us :)
cheers,
mouss