Sitat av
orwlr
But you have to, at some point, trust something.
I do.
To varying degrees.
If you tell me your name is Ksenia, I'll believe you. And I'll trust an unknown, sensible looking couple to protect my plate from being whisked away by a waiter at a café.
But if you tell me you've got a dragon that performs cold fusion in your garage, or the couple wants to keep my passwords safe: that's a different situation:
The first 2 situations are low-stakes, with a high probability of success
For number 3: I want science competitions with high prestige and monetary prizes, awarded to the teams that find the most flaws with your magical cyborg, confirmed by peer-review, openly publishing all findings, and tests to be performed beforehand, and other things that make for good science.
For number 4, I'll use a password-manager
And the scientists could be conspiring, and it's even more likely that there's something phishy about the password-manager
- We want to have to trust as few parties as possible
- Peer review etc. is more trustworthy than books from the bronze-age or the intel-lab
These things make me trust the contents and authors of your post less:
- "very few ICs are what anyone would call 'open'", is not elaborated on
- Something written using "heavy sarcasm" doesn't change the content's truth value, and mentioning the tone seems like a deflection
- "goes on to mock" cry me a river
- "They are not the comments of someone with the responsibility for producing a product, presumably to a deadline, who may need to settle for less than perfection to stay on schedule." - Joanna Rutkowska delivers Qubes OS
- "they are apparently made without an awareness that free-licensed hardware is almost completely unobtainable." - This was apparently written by a cry-baby who is pathetically grasping at straws, and wasting our time in doing so
_______
- Security is hard
- Important to get right
- You got critique from a prominent researcher in the field, for free
- Accept, thank, improve
wtb !TentPoleSecurityTheater