Linked by Thom Holwerda on Wed 19th May 2010 09:52 UTC, submitted by Nitrodist
Internet & Networking If there's one subject that's really hot right now on the web, it's privacy. There's the whole Facebook saga, and especially the company's CEO, Mark Zuckerberg, seems somewhat averse to the concept of privacy. We also have a much smaller issue with the Chrome web browser, where someone found out zoom settings are stored somewhere, even when in incognito mode. It turned out to be a feature (sort of) but it does highlight how important the concept of privacy on the web has become.
Permalink for comment 425355
To read all comments associated with this story, please click here.
RE[2]: Open source?
by hornett on Wed 19th May 2010 10:50 UTC in reply to "RE: Open source?"
hornett
Member since:
2005-09-19

How do you know that the binary .deb packages on Ubuntu actually match up to the source they claim to have built them from?


You can rebuild the .debs from the deb-source package, and you can then verify that your binaries are exactly the same as those built by Debian (or whoever).

You can't do this with Chrome as you don't have the complete source to binary which they release, only the parts released as Chromium. Thus, you have no way to verify if extra code has been inserted into the binaries.


Ken Thompson actually implemented exactly this trick on an early Unix box. The compiler was patched to detect two special conditions: if it was compiling a new version of the compiler it would add the patch to it as well. If it was compiling the "login" program it would add a backdoor to the binary. Read about it here: http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf


That's brilliant!

Edited 2010-05-19 10:53 UTC

Reply Parent Score: 3