-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 24/10/15 04:04, Mike Gerwitz wrote: > I can imagine ways in which that this risk can be reduced, but > fundamentally, unless you can examine and modify the _exact > instance of_ the software that you run, you are not in control. This is overly pessimistic. There is research for removing the risk entirely using more sophisticated programming languages that let you encode more information in the type system than traditional, e.g. DSLs written in Haskell, so that we can remove the risks at compiletime, and with verifiable builds promise that they have been removed.
I firmly believe we can, at least theoretically, reduce the risk so far that the only hazard for the user is the service shutting down. *Everything* else can be solved. We just need some time. And some dependent types as first class citizens of a higher-order ranks programming language. :] - -- Alexander alexan...@plaimi.net https://secure.plaimi.net/~alexander -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCgAGBQJWK2ymAAoJENQqWdRUGk8BcZUP/jjk6PETyK9btQocoVxLzm7b BjKGFLPPa+PtYfv9SqPVFrf7ZsKJcB4BRw6ENx/1GMrZA2q7twx0SLOLbTQy1u3Q cc1BxI6d4lqQ0qypemZ1TO3x2URCCXhuA1asCkK2e/s0aXIS21vxO2KO85epI6Wj Zn81xHtaxKypFfYNGnGGdtgSAfAZtekDvDVeImPhgshf6nVo5MqUEWaul5KqCjJ0 /YVVBhiBqY5/X/3IY+BFjdUwX4nEUc2V2jlNfyvwcwyoOnzEJwvXGUcEYBa5Mo8A Nfm/2Mpnj5e7Tu+n1WJm9ZiaKSWCUVeR5aJpaKv83fqEeoWBwoRnWgNGJXbfrFnd 92/0KaNbkchbCvFQTLV75n1+CwAFmAt0br4lxuELpK10U44KqWJX0QTwEuZGfkdt cD4jo0mt/tGTn7gSSVDa9npZHQbzOj+dr7d0hMFVOQhV9XBsGCPbZKCf6aCbUqxh ZMNgMg6l9YnMifuO8ZZaKCIHjbqcAnV8ZS1Ujo80e7w2j47wCDEQ6LPyjwQyxzEL NNaDeJp9jR6gzvY/T2CrO3yfHa7pwXWQcrf0+RgazpZMACHrsbXCxtZ/tzVNm3X7 vLurRD3Fu3Ulifja+sDQbudEbCcKl64oYi9JwE6tXXSqS5wyBuGnoof7a/V8FQv+ BGUD9d2eGxGMWZGkiau4 =nGI+ -----END PGP SIGNATURE-----