Don't discredit OVC with falsehoods!

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Fri May 07 2004 - 10:50:06 CDT

> From: Bevharrismail@aol.com
> Mr. Thompson ...what he did was reveal to the world that for 15 years
> UNIX had a bug. The bug was installed by him when he wrote the code...

I sure wish that Bev Harris and others would stop leaning on this
apocryphon. I've seen it increasingly lately, but everyone who knows
something about it knows the claim is false.

What Ken Thompson presented in his ACM Turing Lecture was a theoretical
attack in which a compiler contained a trojan, thus affecting the
programs it compiled. Thompson -did- create a proof-of-concept
internally. But this trojan was never released "into the wild."

And in point of fact, if it had been, it *would* have been detected by
people who do profiling and eyeball machine code. It wouldn't have
been easy to detect, and it wouldn't have happened right away. But it
sure as heck wouldn't have gone 15 years. Thompson's point is very
important enough by itself, let's not invent make-believe stories about
it.

If I didn't already know a lot about the voting issues, I might have
read Harris' note, noticed the silly falsehood about Thompson, and
assumed the rest was of similar quality (i.e. conspiratorial ranting).
That would be a mistake... but one that is compelling without prior
knowledge.

> Open source code, though, won't guarantee that the program is secure.
> Linux was compromised at one time simply by adding the "=" sign into
> one of the many thousands of code lines.

No, no, no! This was not a "compromise" in the way claimed. It was a
bug that never made it into the kernel trunk. More wrongheaded
apocrypha.

It's bad enough that Harris is discrediting herself with falsehoods (or
half-truths, at best) and insinuations, let's not taint OVC with this
kind of brush.
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Mon May 31 23:17:21 2004

This archive was generated by hypermail 2.1.8 : Mon May 31 2004 - 23:18:16 CDT