[OT] Windows dying

[H. S. Teoh]

On Thu, Nov 02, 2017 at 11:38:21AM +0200, Shachar Shemesh via Digitalmars-d wrote:
> On 02/11/17 07:13, H. S. Teoh wrote:
> > There is another side to this argument, though.  How many times have
> > *you* reviewed the source code of the software that you use on a
> > daily basis?  Do you really *trust* the code that you theoretically
> > *can* review, but haven't actually reviewed?  Do you trust the code
> > just because some random strangers on the internet say they've
> > reviewed it and it looks OK?
> 
> This question misses the point. The point is not that you, personally,
> review every piece of code that you use. That is, if not completely
> impossible, at least highly impractical.
> 
> The real point is that it is *possible* to review the code you use.
> You don't have to personally review it, so long as someone did.

That only shifts one question to another, though: do you trust the
"someone" who did review the code?  That is what I mean by "some random
strangers on the internet".  When you download, say, glibc, whose
authors you presumably never met and probably may not have heard of
until that point, you're basically trusting that these authors have done
their due diligence in reviewing the code and making sure it meets some
standard of quality.  But you *don't know* if they reviewed it or not,
and even if they did, you don't know whether their standard of quality
matches yours.  After all, they are just some "random strangers on the
internet" whom you've never met, and probably never heard of.  Yet
you're putting your trust in them to write proper software that will be
running on your system.

Please keep in mind, I'm not saying that *in general*, you can't trust
the upstream authors.  But the issue here, which is also Thompson's
point in his article, is, how do you know whether or not your trust is
misplaced?  You can't know for sure.  At some level, you just have to
stop and take it *on faith* that these "random online strangers" are
giving you good code, because as you said, to go down the complete
paranoia road is highly impractical, if not completely impossible.

But if you're going to put your trust in said random online strangers,
what makes you think they are more trustworthy than some random
anonymous employees of some big corporation, whose proprietary software
you're running on your system?  Again, you can't know *for sure*.  At
some point, it just comes down to trusting that they have done their
jobs well, and without nefarious motives.  So where you put your trust
is a matter of faith, not fact, because you can't *objectively* be
completely sure unless you go down the paranoia road to personally
verifying everything, which is an infeasible, if not outright
impossible, task.


> I think the best example of how effective this capability is is when
> it, supposedly, failed: OpenSSL and HeartBlead.
> 
> Recap: some really old code in OpenSSL had a vulnerability that could
> remotely expose secret keys from within the server. The model came
> under heavy criticism because it turned out that despite the fact that
> OpenSSL is a highly used library, it's code was so convoluted that
> nobody reviewed it.

And that's the other thing about open source: sure, the code is
available for everyone to read.  But how many will actually understand
it?  If it's so convoluted, as you said, nobody will review it. Or if
they did, you'd have less confidence whether they caught all of the
problems.


> The result: a massive overhaul effort, lead by the OpenBSD team, which
> resulted in a compatible fork, called LibreSSL.
> 
> In other words, even when the "many eyes" assumption fails, the
> recovery is much faster than when the code is close.
[...]

Ahem. It took the LibreSSL folk *years* to cleanup the original OpenSSL
code and bring it up to equivalent functionality.  That's hardly what
I'd call "much faster".

Don't get me wrong; personally I agree with you that open source is
better.  All I'm saying is that this eventually boils down to a matter
of opinion, because ultimately, you're trusting, on faith, that this way
of doing things will produce better results.  Does it actually?  It's
hard to say.  I like to intepret the evidence as yes, and I think you do
too, but I'm not 100% sure it's not just confirmation bias.  It's hard
to be sure because you can't know until you personally verify
everything. But you can't do that, so eventually you have to just trust
that it does what you think it does, and hope for the best.  How will
things pan out eventually? It's anyone's guess.


T

-- 
English is useful because it is a mess. Since English is a mess, it maps well onto the problem space, which is also a mess, which we call reality. Similarly, Perl was designed to be a mess, though in the nicest of all possible ways. -- Larry Wall