On Thu, Jul 30, 2015 at 6:11 PM, The Doctor <drwho@virtadpt.net> wrote:
So what you're basically saying is that the entire tech stack, all the way back to far edge pf electromechanical information processing is basically completely untrustworthy.
A purist might say that, and you'd have a hard time refuting them because for the most part, you raced to build a system that "works", not necessarily one you "trust" or that is proofed. The point is, that if you're going to consider, analyze, create and certify trust, you have to rip apart your current way of thinking in some pretty mind bending ways. Because everyone has been cultured since birth to accept things that are blindly handed to them as trusted. Where along the historical line of tools would you feel confident or shaky in using such tool, effectively blindly dropped into your hand, to create or do something you trust with it, and why?
From sandpaper to CNC machine... From knife to MRI... From relay to the latest Xeons and ARM's...
https://www.schneier.com/blog/archives/2006/01/countering_trus.html Even with things like this, when it comes to hardware it's still turtles. You can't use an Intel CPU to crosscheck an Intel CPU. With actors like the NSA and datagrabber ideology inserting and rooting stuff everywhere, you probably can't use any other closed CPU either. Destructively testing your rig just to replace it with an untested copy is pointless.
There is no way at all to trust anything that we can't actually see the logic gates of with the naked eye
Theoretically, if the image data is passed through a computer to your eye on the screen, yes. Unless you know that the entire history and process that produced the suspect gates that were just placed in your hand (or equivalently, your imaging rig)... is trusted.
which would put us... where? Maybe tens of computations per second, at most? A little more (but not much)?
No, use that level to build the next faster and so on.
Fuck it. Time to go home, everyone. They Won.
Purists? Turtles? Who knows. But one thing's for certain, today's hardware and production is closed. And just as with closed source software, it would be a far stretch to point at the billion+ transistors on your desk and genuinely say "Yeah, I trust that". That should be enough reason to put serious thought and action into creating an opensource process that could print trusted opensource hardware... an open fab. Otherwise you're effectively saying "Fuck it".