the Kiwis have been at it too...
From last year.
6 posts • joined 22 Jan 2019
Go back and read Ken Thompson's Turing award speech.
Looking at the code is not sufficient to tell you if there is a hidden backdoor as the compiler may insert one automatically. Looking at the compiler source is not sufficient to tell you the compiler is doing this as it may have code to add the compromise code to itself. Once such a compiler exists, all the compromise code can be removed from the sources and yet continue to propagate...
Whilst the comments about the US politicians being unable to find common ground have a small amusement value (schadenfreude from afar?) the sad fact is this is this century's reality. US pollies can't compromise to make decisions of value, UK pollies cant compromise to prevent a Brexit outcome (no deal) which everyone on both sides of the English Channel agrees would be disastrous, Australian pollies can't even agree on who should be leader from one week to the next, let alone anything of real importance.
So what prevents a bad actor from getting a $99 signing cert and signing their shiny new malware? Didn't M$ go through a long period of "signed drivers mean no bad code can get into your kernel" until a researcher, tired of the BS, built a proof of concept piece of code that powered down your PC (from hazy memory) to show that signing doesn't fix the malware problem. M$ had to quickly add cert revocation lists to their codebase to 'fix' the problem... which of course still doesn't fix anything, just stops "that last exploit we noticed".
The testing/notarisation suffers all the same issues of course. All I need to do is write malware that doesn't use recognised bad libraries and where the payload doesn't activate until after the testing is long complete. I get notarised, and it's game on.
I'm all for security. But these aren't the answers you're looking for. (Waves hand at Apple stormtrooper.)
The twiggy name was a reference to the odd double sided mechanism. In the day, Apple had long derided double sided floppy disk mechanisms as 'unreliable', hence the single sided nature of the Apple II 5 1/4 inch floppy and a generation of users cutting notches in their media so they could turn it over and use both sides (one at a time).
For the Lisa, a second slot was put on the opposite end of the disk sleeve and a second single head engaged to read/write the 'other' side of the disk. (I.e. the normal head at the back of the drive and a much more complex second head at the front/door end of the drive). This also meant Apple were pretty much the only suppliers of media.
So one of Lisa II's many cost reductions was to adopt the by then standard 3 1/2 inch drive the first gen Macs were using (with normal double sided heads).
Biting the hand that feeds IT © 1998–2019