if you can't trust a cpu server don't use it. applies to carbon based
life-forms too.


On 25 February 2013 00:29, <a@9srv.net> wrote:

> Cinap mostly covered this, but yeah: if you don't trust the
> system you're connecting to, cpu isn't really safe[1]. But
> then, neither is anything else: even the simplest service
> (say, telnet) can be trivially bugged with things like key
> loggers if the remote side's untrustworthy.
>
> If you've not read it, you (and everyone else in CS) should
> read "Reflections on Trusting"[1], by Ken Thompson,
> describing how he bugged the login program and then
> made it roughly undetectable. Things like cpu's -P can
> help in a sense, but at some point it comes down to
> trusting the humans on the remote end.
>
> [1]     http://cm.bell-labs.com/who/ken/trust.html
>
>
>