Flutterby™! : Deterministic Builds


Deterministic Builds

2013-08-23 20:42:10.140911+00 by Dan Lyke 1 comments

Tor: Deterministic Builds Part One: Cyberwar and Global Compromise.

The short answer is: to protect against targeted attacks. Current popular software development practices simply cannot survive targeted attacks of the scale and scope that we are seeing today. In fact, I believe we're just about to witness the first examples of large scale "watering hole" attacks. This would be malware that attacks the software development and build processes themselves to distribute copies of itself to tens or even hundreds of millions of machines in a single, officially signed, instantaneous update.

See also Ken Thompson's Reflections on Trusting Trust.


Comments in ascending chronological order:

#Comment Re: made: 2013-08-24 12:21:36.69735+00 by: meuon

Yeah, I've had that nightmare and don't trust my Android phone for that, and many, many other reasons. Or my Mac. I tend to keep my Linux system on manual update, and update when I am ready for issues due to the update (haven't had many in years) and when I think things have been "out in the real world" for a while.

One devious programmer could create chaos and havoc months after a system was updated.