On Sat, Aug 1, 2009 at 1:32 PM, David Gerard <dger...@gmail.com> wrote:
> 2009/8/1 Brian <brian.min...@colorado.edu>: > > On Sat, Aug 1, 2009 at 1:07 PM, David Gerard <dger...@gmail.com> wrote: > >> 2009/8/1 Brian <brian.min...@colorado.edu>: > > >> > And of course, you can just ship them the binaries! > > >> Trusted clients are impossible. Particularly for prrotecting against > >> lulz-seekers. > > > Impossible? That's hyperbole. > > > No, it's mathematically accurate. There is NO SUCH THING as a trusted > client. It's the same problem as DRM and security by obscurity. > > http://en.wikipedia.org/wiki/Trusted_client > http://en.wikipedia.org/wiki/Security_by_obscurity > > Never trust the client. Ever, ever, ever. If you have a working model > that relies on a trusted client you're fucked already. > > Basically, if you want to distribute binaries to reduce hackability > ... it won't work and you might as well be distributing source. > Security by obscurity just isn't. > > > - d. > Ok, nice rant. But nobody cares if you scramble their scientific data before sending it back to the server. They will notice the statistical blip and ban you. I don't think in terms of impossible. It impedes progress. _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
