Notices by Alec Muffett (alecmuffett@mastodon.social), page 2

#Fedipact – The [mastodon] instances blocking Zuckerberg’s Threads.net
https://alecmuffett.com/article/109510
#censorship #fediverse #mastodon

@thomasfuchs 42 years, and much of my career is in dual-use technology: writing password crackers and hacking tools and releasing them for the public good, promoting end to end encryption and privacy in the face of Government critics who demand that it enables child abuse and terrorism...

So: forgive me if I suggest that your perspective demands some nuance?

https://www.youtube.com/watch?v=BrxJlp_3utk

@dalias it is regrettable therefore that in the scale of software, the nearly unbreakable stuff is but a drop in the ocean.

@mdfranz @dave_aitel

@dalias @mdfranz @dave_aitel "…and then run it on Linux" :-)

@dalias @mdfranz @dave_aitel that's really interesting. What's the definition of an attack surface?

@mdfranz I'm with you re: that observation, although one will never convince the people who are into theorem proving or formal methods or Coq or whatever, because they live in a world of small elegant perfect things.
/Cc @dalias @dave_aitel

@dalias @mdfranz @dave_aitel You're absolutely right, it is an abdication; but in the past 35 years or so I've seen trusted platforms and A1 secure trusted systems and provers… and they all go on for about 5 to 10 years before people get bored and move on to the next thing.

@dalias @mdfranz @dave_aitel https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Openssh suggests that the reality is more murky and complicated than suggested.

@dalias @mdfranz @dave_aitel it is really easy to escape charges of being more murky and more complicated by narrowing or changing the scope; similarly, we could chop out any vulnerabilities which occurred in linked libraries or (e.g.) due to operating systems random number generators being weak… but at some point that just becomes cheating.

Easier instead to acknowledge the murkiness and that software is complicated and messy.