If an individual inevitably learns that his name, or some similar name, is on a no-fly list when he tries to board the plane, how can the government defend the position that national security prevents it from telling that individual that his name or some similar name is on the no-fly-list upon request from the individual? I think the ACLU should sue the government and demand that the government be forced to answer such requests on a reasonable schedule. But what legal basis could be used for such a demand, exactly?
I wonder if she made some phone call when she realized that she might not be able to get on board. That phone call has a time stamp and a location. There is a good chance that she can prove that she was in the airport area well before the gate closed. There are likely other proofs as well. An American judge probably cannot subpoena phone records in Malaysia, but there are diplomatic channels that can be made to work. Perhaps the USA and Malaysia have agreements about mutual assistance in such cases.
Run the compiler compile in a CPU emulator, e.g., an ARM processor computing what a correct x86 processor would do in each assembly instruction. This would bypass any Thompson hack in the x86 microcode :)
Let us spell this out. The source code of a program A, specifies a function f() from a set P of valid inputs to a set Q of outputs. If you have two "honest" or "correct" compilers X and Y, you can feed them the source of A, and produce two binaries Ax and Ay. These binaries will be different, they will implement program A using different register allocations and different optimizations. However, if you run these binaries and feed them with a valid input p, (p member of P), either process will compute the value q = f(p), a specific member of Q. The outputs should be byte for byte the same, namely 'q'.
Since we are discussing the possible detection of Ken Thompson's hack, we may assume that the compilers X and Y may be trivially correct, whether infested with this hack or not, as long as the source being compiled is not the source of a compiler. So to test this, we choose the source of a compiler as our program A. To test the behavior of the binaries Ax and Ay, we again feed these binaries (which are compilers) with valid inputs for compilers - program source code - and again we choose the source of a compiler as our input p. The outcome should be a compiler binary q, which performs the register allocations and optimizations specified by the source of A, identical whether the bootstrap compiler was X or Y.
Now the theory is, that if the X and Y compilers are both infested with Thompson's hack, they will still be infested with slightly different variants of this hack, as the hack must be adapted to the implementation details of X and Y.
Think of the hack as a preprocessor that takes as input the source of a clean compiler, and produces the source of a compiler with the hack embedded. The effect of this preprocessor could be completely consistent across compilers.
But if the preprocessor is to avoid duplicating the parsing of the inputs, the header files, the preprocessed header files, etc. it needs to be adapted to the particulars of the compiler into which it will be inserted. And as compiler technology evolves, the hack will need to adapt, both to recognize what constitutes a compiler, and to properly embed the preprocessor. This makes it likely that there will be different versions around, and if you compile A with sufficiently different compilers, you will likely be able to notice differences in the binary 'q' produced.
In more practical terms, I think that coding an algorithm to reliably identify what constitutes a compiler, is a non-trivial task. The program will tend to be huge. If you ever try to debug a problem with such a modified compiler, you begin looking at the disassembly, and even if the disassembler has been hacked to hide the code modification, you will sooner or later stumble across oddities with the addresses of the routines, the number of stack frames, etc. I think a Thompson hack would be found and exposed quite quickly.
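A toy model of the two-compiler comparison argued in the comment above, added here as an illustration and not part of the original comments. Compilers are modeled as Python objects and the "image" is a hash standing in for the emitted bytes; all names (`Binary`, `emit`, `compiler`, `compare_bootstraps`, the variant labels `v1`/`v2`) are assumptions made for the example. It also runs the case where both bootstrap compilers carry the identical variant.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed stand-ins for real source files.
COMPILER_SRC = "source of compiler A"
HELLO_SRC = "source of hello world"


@dataclass(frozen=True)
class Binary:
    image: bytes                              # bytes as they would sit on disk
    run: Optional[Callable[[str], "Binary"]]  # behaviour, if the binary is a compiler


def emit(style: str, source: str, implant: Optional[str]) -> bytes:
    """Toy code generator: the image is a deterministic function of the
    generator's style, the source compiled, and any implanted payload."""
    return hashlib.sha256(f"{style}|{source}|{implant or ''}".encode()).digest()


def compiler(style: str, implant: Optional[str] = None) -> Binary:
    """Build a compiler binary with the given codegen style.
    implant=None models an honest compiler; any other value names a
    Thompson-style variant that re-inserts itself into compilers it builds."""
    def run(source: str) -> Binary:
        if source == COMPILER_SRC:
            # The output is compiler A: it generates code in A's style, and it
            # inherits whatever the compiling binary implanted.
            return Binary(emit(style, source, implant), compiler("A", implant).run)
        # The comment's assumption: non-compiler input is compiled honestly.
        return Binary(emit(style, source, None), None)
    return Binary(emit("vendor", style, implant), run)


def compare_bootstraps(x: Binary, y: Binary) -> dict:
    """Compile A with X and Y, then let Ax and Ay each compile A again."""
    ax, ay = x.run(COMPILER_SRC), y.run(COMPILER_SRC)    # stage 1: Ax, Ay
    qx, qy = ax.run(COMPILER_SRC), ay.run(COMPILER_SRC)  # stage 2: q from each
    return {
        "stage1_identical": ax.image == ay.image,   # expected False: X != Y codegen
        "stage2_identical": qx.image == qy.image,   # should be True if both honest
        "ordinary_identical": ax.run(HELLO_SRC).image == ay.run(HELLO_SRC).image,
    }


SCENARIOS = {
    "both honest":        (compiler("X"), compiler("Y")),
    "X infected":         (compiler("X", "v1"), compiler("Y")),
    "different variants": (compiler("X", "v1"), compiler("Y", "v2")),
    "same variant":       (compiler("X", "v1"), compiler("Y", "v1")),
}

if __name__ == "__main__":
    for name, (x, y) in SCENARIOS.items():
        print(f"{name:20s} {compare_bootstraps(x, y)}")
```

Only the last scenario passes the stage-2 comparison while infected, which is why the argument depends on the two bootstrap compilers being independent enough to carry different variants.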
We need to get organized. Nobody can check all the code. Much less can everybody check all the code. So, organize a systematic partitioning, and keep lists of people who have checked each part. That will help point out areas that have been checked by few people, or by only unknown people. Additionally, if any backdoor is ever found in a piece that has been checked by twenty people, everything checked by those twenty becomes suspect.
I think that is about the best we can achieve.
As to backdoors inserted by the compiler, Thompson style, split the compiler binary in suitable pieces, and do a hand check of the disassembly and of the assembly.
I am not qualified to fix major security issues. However, I did report mistakes I spotted when reading the source, and they got fixed. I guess there are enough nerds around the globe who explore some code from time to time, and keep studying until they understand it, that most kernel source files get regular scrutiny.
The first step toward a solution is probably to have many more people use encryption. Only then will the web of trust thicken enough. Then there will be interest in developing more advanced protocols and software.
That first step is doable: Enhance (or fork) Mozilla Thunderbird as follows. People will learn that if they use Thunderbird, and their friends use Thunderbird too, the mail exchanges will automatically and transparently be encrypted, and there is nothing the users need to learn or do differently. Post-Snowden, this will be popular. People will switch to Thunderbird, or to clients and services that support the same protocols.
Make it practical, not secure by the book. Have Thunderbird automatically generate a key for each mail account, and store it lightly obfuscated in a local file. Keep the mails unencrypted in the mail store, in the sent and received folders. Invent a new type of attachment, and have Thunderbird automatically send the public key of the sender's account along with every message. Have Thunderbird store keys it receives in such attachments, in the address book. And have Thunderbird encrypt everything it sends to a receiver whose key it has in the address book.
Add a protocol that allows Thunderbird to synchronize keys between multiple installations using the same mail address. Perhaps this should work by sending a mail to yourself from any one of the installations, that is picked up by the other installations. The other installations should respond with new similar mails if they have keys that the originator of the first message may need. This synchronization should probably default to use a hash of the account password as basis for a synchronization encryption key.
Then add options to secure the key file with a strong password, to manage the keys, to revoke them, to export and import them, etc. But only for those who want it. Make sure everything works at a basic security level even with no intervention from the user.
Probably NSA and its relatives will subvert Thunderbird to send the key file home. But this is all a starting point, we can tighten security as we go.
Neat!
When I was a child, most women used to cover their hair in much of Europe. Sometimes headscarves were worn in a way that resembled some of the Hijabs.
"Checked the wrong box on a form" screams cop-out to me.
Agree
At one point before the ordeal began, she was questioned in her home by two agents, about her affiliation to a Malaysian association of expatriates. The association had a name that began with a word that means "association" in Malay. So did another Malaysian organization that the agents were suspicious about.
She probably would have gone on with her life if she had not also later been denied reentry to the USA to complete her doctorate.
I am surprised at the pervasive negativity against the beta, spamming all topics.
Slashdot, please roll out beta and close down classic as soon as possible! I hope the whiners will turn away and create their own site instead.
The new look has one great advantage: screen dumps will waste less green ink. The disadvantage is that printouts will require more paper, and onscreen consumption of the threads requires more scrolling.
Other than that I have not discovered any real differences.
Oh wait, except there is one specific issue left: Until today, every time I tried to follow the "read more" link to see the comments, all I got was:
"Shazbot! We ran into some trouble getting the comments.Try again... na-nu, na-nu!"
Clicking the "Load More" button just reproduced the same Shazbot! message. The present topic is the first that I am able to follow in beta. The next topic down the front page returned another Shazbot. So, please fix the Shazbots ASAP, then close classic. Thanks.
Hear, hear! Mod parent up!
It is not a computer in the sense that we programmers know. It is more akin to having a chip with a built-in wind tunnel that can perform measurements on various shapes. More specifically, it has a network of "noisy q-bits" that is supposedly governed by the same mathematics as the annealing process, including quantum tunneling phenomena. Or maybe you could compare it to the old-time "analog computers". As far as I am concerned, the idea could be a valid one. But others here point out that they market it as doing NP-complete problems, which it does not.
Unfortunately I have never seen a discussion of that question. People just assume that it will or will not have sufficient effect.
Are you joking?
I would also like to see the models be more open and transparent.
I think they are available if you ask politely. The measurement data are available w/o asking, google around and follow some links. Now, the measurement data has been massaged a bit, and you would want the actual raw data + the massaging. You'll have to ask. But I can tell you it's not something you work through in a week.
In practical terms, we need some division of labor. Somebody we trust should do the checking. Is there anyone on this planet that you would be willing to trust?
That is right, the more intelligent ones of the skeptics think like that.
I have myself made some efforts to study the data and the methods employed, and I have not seen any cherry picking; the amount of energy required to warm the planet is consistent with the amount of energy trapped by the added CO2; the size of the industrial consumption of fossil carbon, the amount of deforestation, etc. is consistent with the amount of CO2 added, and so on. I think your points A and B are baseless, and are propagated among people who think they are smart when they are skeptical of the government and of the leftists/liberals, but fail to ask critical questions to the other side.
While it may be politically impossible to convince the world to take proper measures, I doubt there is much real, quantified thought behind your point C either. There are many who have estimated the costs and found them quite moderate. I might be a fool who believes and trusts them, but on the other hand I have never seen specific and justified numbers for the cost from the skeptics.
I don't know your reference for saying that "the models are broken". In my understanding the models used e.g. in IPCC reports, are quite good.
It is completely unreasonable to dismiss them just because they are not perfect. The proper approach is to study the discrepancies, reason about their possible causes and estimate the effect of the errors on the question you are seeking to answer with the model. You don't build models only to make forecasts. But you do use their forecasts for what they are worth.
If all models that are based on your knowledge of the field, suggest a climate sensitivity of 1.5 to 5.2 Kelvin in 50 years for a doubling relative to pre-industrial level of CO2, it means that the sensitivity most likely is in that ballpark, as far as we can tell from the physics and the experience that went into the models. (Specific numbers made up for sake of example.)
Currently the air temperatures are rising a bit slower, and the oceans are warming a bit more, than predicted. But the total increase in heat energy is consistent with satellite energy balance measurements and with most models, IIRC. This means the models are quite good, but we could use a better understanding of the way ocean currents change and certain weather phenomena related to energy transfer between air, land and ocean. This discrepancy may have effects on the computation of feedback effects and on sensitivity, but not that much in the shorter range. It does not make the models "broken".
When things are complex, models can tell you what your current understanding is worth. You express the known or assumed mechanisms in a programming language, feed the program with some observations that define a starting point (a.k.a. boundary condition), crank the handle, and compare the output to actual observations. Then you study the discrepancies in order to determine what part of your current understanding led to the errors.
To fit an equation to a curve does not really give much insight. But if you adjust the parameters of an equation and achieve a good match to the empirical curve, this indicates that the assumptions behind the equation may be sound. If you find empirically that an exponential factor works well, this may point back at some underlying physics.
Cranking the handle a few more turns will give you a prediction based on your assumptions about the mechanisms. If you have to guess the future, it is reasonable to make guesses that do not fly in the face of the best understanding you have of the field. If your model gave results with some resemblance to the actual data, the prediction may have some credibility. But we are still talking about guesses.
AGW deniers often use the trope of accusing the researchers of curve fitting. Given the complexity, of course the researchers do a lot of curve fitting. But the field is very actively developing ways to approach the ideal of physics-based models. One should judge them by their progress in this regard, not just yell "Curve fitting".
Nobody doubts that the Earth, like everything else, behaves largely as a blackbody radiator, but the devil is in the details, and interesting phenomena arise when bodies deviate from that formula. The warming of the Earth depends on a fairly small imbalance between incoming and outgoing radiation.
I read about Lindzen's contributions a long time ago and don't remember them that clearly any more, but this "proven" theory about blackbody radiation and reabsorption looks like a misrepresentation. I rather think he thought the Earth does not behave like a blackbody radiator, because of variable cloud formation and increased reflectance. He published a hypothesis that high stratospheric cloud formation would attenuate the otherwise positive feedback effect of increased water vapor. However, later research has not supported this hypothesis sufficiently. Later Lindzen also went public with fairly coarse and unscientific criticism of the contemporary theories, using rather general (unspecific) arguments.
The description of re-absorption of yours is useless, even Lindzen is far more sophisticated than that. There is no contradiction between blackbody radiation and re-absorption of radiation in a translucent medium. The center of the Sun is thought to be at millions of Kelvins, yet the surface is at some 6500K or so. This difference is due to re-absorption of the radiation generated deep inside the Sun. The externally visible radiation corresponds to a blackbody radiator at that temperature (6500K), and the Sun is considered as an excellent blackbody radiator IIRC.
Your clothes work the same way, they absorb radiation from your skin, and reradiate it. The next layer of clothes absorbs that reradiated energy, and reradiates it again. But at each step, half the reradiation is directed back toward your skin. And yes, the inner layers of clothes also absorb radiation coming back from the outer layers. It is trivial for a physicist to model this mathematically.
Adding "climate gasses" to our atmosphere makes it less transparent than before to the infrared band in question, and so the externally visible thermal radiation will correspond to the temperature of a thinner top layer of the atmosphere, which is colder, and the radiation will therefore be weaker. With a perfectly transparent atmosphere, the externally visible thermal radiation would correspond to the surface temperature, which is much hotter than the tropopause.
The repeated glaciations argument is also irrelevant. Of course the climate science is fully aware of the large swings in the Earth's climate's history. That does not make the swings unproblematic. Every such change must have had its causes, some of which are probably understood today, many not. But we are in a far better position to study the climate changes taking place in our time, and the science points strongly toward human-induced causes. Being no expert, I cannot exclude that, absent our CO2 emissions we would be facing another glaciation in the next 2-3000 years, but it looks like the Humans will be the cause of strongly reduced frequency and depth of glaciations in the foreseeable future.
I don't know what he has done lately, since the state of the art evolves continuously. He might think differently now, given numerous rounds of proposed effects, investigations, and refutations or not. However, I think he is known to have a difficulty agreeing with anyone on almost anything, always finding something contrary to say, so I guess he still defends much the same positions as before.
You are right, the X server runs on the user "terminal", i.e. the computer having a screen that the user sees. The X client runs on any computer, the same as the X server runs on, or a different one. Back in the early nineties some of us used "thin client" style dedicated X servers. They were pure user terminals with no disk. They would typically load fonts from an nfs (network file system) server. But a vulnerability could in principle allow an attacker to gain control over the sessions, log the key presses, etc. To get there, the attacker would have to trick you into loading a modified bitmap font that (s)he provided. Back then that would have been quite hard, most of the time. Applications seldom installed fonts, they just supplied a font selector string specifying some parameters of the desired font. But with some social engineering, and providing the victim with an application to install, that application could load a font included in the application installation. Presto.
When someone discovers that there is only 10 GB available of that 500 GB hard drive and they cut your hand off while asking you why? What is your next step in this brilliant plan?
If I remember correctly, there will be 500 GB available in the decoy partition. There will be only 3-4 GB of data, and 490 GB of free space. The free space, if examined with tools to access free blocks, will appear to contain random noise data, as if the disk at some earlier point did contain lots of zipped files, word docx files (they are really zip files), encrypted files, and other high-entropy files, and all these files were later deleted. When accessing the disk using the other password, then the "free" blocks are decrypted, and it will turn out that they contain files, directories, free-block-lists, and other file system structures. When files are written to the decoy file system, blocks are allocated from the head of the free blocks list, which happens to contain blocks that are not used by the hidden file system. If you write sufficiently big files to the decoy system, I don't know, perhaps the hidden system begins to lose data, or perhaps the system feigns hardware faults and shuts down.
If an individual inevitably learns that his name, or some similar name, is on a no-fly list when he tries to board the plane, how can the government defend the position that national security prevents it from telling that individual that his name or some similar name is on the no-fly-list upon request from the individual? I think the ACLU should sue the government and demand that the government be forced to answer such requests on a reasonable schedule. But what legal basis could be used for such a demand, exactly?
I wonder if she made some phone call when she realized that she might not be able to get on board. That phone call has a time stamp and a location. There is a good chance that she can prove that she was in the airport area well before the gate closed. There are likely other proofs as well. An American judge probably cannot subpoena phone records in Malaysia, but there are diplomatic channels that can be made to work. Perhaps the USA and Malaysia have agreements about mutual assistance in such cases.
Windows phone 8 sucks: About 21 100 000 results (0,29 seconds)
"Windows phone 8 sucks": About 139 000 results (0,22 seconds)
Run the compiler compile in a CPU emulator, e.g., an ARM processor computing what a correct x86 processor would do in each assembly instruction. This would bypass any Thompson hack in the x86 microcode :)
Since we are discussing the possible detection of Ken Thompson's hack, we may assume that the compilers X and Y may be trivially correct, whether infested with this hack or not, as long as the source being compiled is not the source of a compiler. So to test this, we choose the source of a compiler as our program A. To test the behavior of the binaries Ax and Ab, we again feed these binaries (which are compilers) with valid inputs for compilers - program source code - and again we choose the source of a compiler as our input p. The outcome should be a compiler binary q, which performs the register allocations and optimizations specified by the source of A, identical whether the bootstrap compiler was X or Y.
Now the theory is, that if the X and Y compilers are both infested with Thompson's hack, they will still be infested with slightly different variants of this hack, as the hack must be adapted to the implementation details of X and Y.
Think of the hack as a preprocessor that takes as input the source of a clean compiler, and produces the source of a compiler with the hack embedded. The effect of this preprocessor could be completely consistent across compilers.
But if the preprocessor is to avoid duplicating the parsing of the inputs, the header files, the preprocessed header files, etc. it needs to be adapted to the particulars of the compiler into which it will be inserted. And as compiler technology evolves, the hack will need to adapt, both to recognize what constitutes a compiler, and to properly embed the preprocessor. This makes it likely that there will be different versions around, and if you compile A with sufficiently different compilers, you will likely be able to notice differences in the binary 'q' produced.
In more practical terms, I think that coding an algorithm to reliably identify what constitutes a compiler, is a non-trivial task. The program will tend to be huge. If you ever try to debug a problem with such a modified compiler, you begin looking at the disassembly, and even if the disassembler has been hacked to hide the code modification, you will sooner or later stumble across oddities with the addresses of the routines, the number of stack frames, etc. I think a Thompson hack would be found and exposed quite quickly.
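The comparison described in the comment above, as an added example that is not part of the original comment. It models a compiler binary as its on-disk image plus the code-generation rules it applies; the names `Binary`, `run_compiler`, `double_compile`, the payload labels and the source string are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Binary:
    image: bytes       # bytes on disk; the only thing the check compares
    codegen: str       # code-generation rules this compiler applies when run
    payload: str = ""  # hidden self-propagating addition; "" means clean

A_SRC = "compiler A codegen=a-style"   # constructed stand-in for A's source

def run_compiler(cc: Binary, source: str) -> Binary:
    """Run compiler binary `cc` on `source`; return the binary it emits."""
    # A subverted compiler copies its payload only into other compilers.
    payload = cc.payload if source.startswith("compiler") else ""
    image = hashlib.sha256(f"{cc.codegen}|{source}|{payload}".encode()).digest()
    # The emitted program's own codegen rules come from its source text.
    rules = source.partition("codegen=")[2]
    return Binary(image, rules, payload)

def double_compile(x: Binary, y: Binary, src: str = A_SRC):
    """Return (stage-1 images equal?, stage-2 images equal?)."""
    ax, ay = run_compiler(x, src), run_compiler(y, src)    # Ax, Ay
    qx, qy = run_compiler(ax, src), run_compiler(ay, src)  # q via each route
    return ax.image == ay.image, qx.image == qy.image

# Constructed bootstrap compilers: clean, and subverted variants.
X = Binary(b"X", "x-style")
Y = Binary(b"Y", "y-style")
X_BAD = Binary(b"X", "x-style", payload="variant-for-X")
Y_BAD = Binary(b"Y", "y-style", payload="variant-for-Y")
Y_SAME = Binary(b"Y", "y-style", payload="variant-for-X")

if __name__ == "__main__":
    for label, pair in [("both clean", (X, Y)), ("X subverted", (X_BAD, Y)),
                        ("different variants", (X_BAD, Y_BAD)),
                        ("identical variant", (X_BAD, Y_SAME))]:
        print(label, double_compile(*pair))
```

The stage-1 binaries always differ because X and Y generate code differently; only the stage-2 comparison is meaningful, and it stays silent when both bootstrap compilers carry a byte-identical addition.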
We need to get organized. Nobody can check all the code. Much less can everybody check all the code. So, organize a systematic partitioning, and keep lists of people who have checked each part. That will help point out areas that have been checked by few people, or by only unknown people. Additionally, if any backdoor is ever found in a piece that has been checked by twenty people, everything checked by those twenty becomes suspect. I think that is about the best we can achieve. As to backdoors inserted by the compiler, Thompson style, split the compiler binary in suitable pieces, and do a hand check of the disassembly and of the assembly.
From now on, there will be.
I am not qualified to fix major security issues. However, I did report mistakes I spotted when reading the source, and they got fixed. I guess there are enough nerds around the globe who explore some code from time to time, and keep studying until they understand it, that most kernel source files get regular scrutiny.