Re: [dev] SGI Irix look (4Dwm)

From: Martti Kühne <mysatyre_AT_gmail.com>
Date: Wed, 22 Oct 2014 19:49:50 +0200

> Who are we talking about? *I* use free software. Despite that, I can't
> fully trust what my computer is doing, because I can't verify the
> hardware the software runs on isn't doing something malicious. I also
> can't verify that my hardware isn't emitting signals that some
> malicious person is picking up via some sort of device
> [https://www.usenix.org/legacy/events/sec09/tech/full_papers/vuagnoux.pdf
> and others], nor can I easily verify that a TLS key that I'm
> protecting my connection with isn't extremely weak, and in otherwords,
> my communication is actually completely insecure. Nor, can I assume,
> in this day and age, that there aren't a crap ton of other errors in
> the TLS protocol, or bugs (keep in mind this is in free software
> implementations) in the implementations that make me no more unsafe
> than running blobs.
>

Interesting. You're making it sound as if your TLS implementation
would be any safer if it wasn't free software. How safe do you want to
be, and for that matter, how safe do you *need* to be. Security is an
economic thought, after all.

cheers!
mar77i
Received on Wed Oct 22 2014 - 19:49:50 CEST

This archive was generated by hypermail 2.3.0 : Wed Oct 22 2014 - 20:00:11 CEST