IRC logs for #trustable for Thursday, 2019-01-31

*** toscalix has joined #trustable 06:19
*** toscalix has quit IRC 08:24
*** toscalix has joined #trustable 08:24
* persia is intrigued by "The legal problem is that increasingly chip designers and chip manufacturers cannot legally know what is supposed to be on the chip. For example, developers of the various “IP cores” used on chips typically forbid chip designers and manufacturers from obtaining or using this information." from https://dwheeler.com/trusting-trust/ 09:13
*** toscalix has joined #trustable 09:55
paulsherwood: actually that's fundamentally broken, isn't it! 10:12
*** toscalix has quit IRC 11:04
persia: It is sadly common. In many fields, component providers supply components under contract that the receiving organisation commits not to understand the component (often with a no reverse engineering clause or similar). As a result, the receiving organisations fundamentally cannot understand the entirety of what they compose: if there are constraints, it is the duty of the consuming organisation to ensure that the system is internally protected 11:26
persia: against compromise from potentially hostile components. 11:26
persia: The prior reference was to silicon vendors, but the same model applies to aerospace, where the vessel manufacturer might contract out one or more avionics components, etc. 11:28
*** traveltissues has joined #trustable 12:41
*** sambishop has joined #trustable 14:17
persia: Thinking about testing, I suddenly wonder if there is a meaningful difference between the set of tests one can run against source (possibly including local compilation and execution of some/all of it), and the set of tests that can only be run against instances of software deployed against some substrate. 14:43
persia: I'm really tempted by the idea that there is no real difference for the case where execution happens (in such case, the local machine is substrate). 14:43
persia: I'm less sure for things like static analysis. 14:43
persia: Does anyone else have an opinion about this sort of thing? 14:43
persia: I have become convinced that every sort of test (including static analysis or the act of compilation) involves software that is instantiated under some set of conditions, such that there is no fundamental difference of type between testing techniques (although one likely needs to perform several of them in order to meet a sensible set of constraints). 15:54
persia: Thusly, those seeking to demonstrate that an arbitrary set of constraints are met are expected to select deployments of software that perform those tests in such a way that the set of systems under test is reasonably representative of the set of systems expected to conform to the constraints (and further that the total set of tests is sufficiently representative of the universe of constraints to provide appropriate demonstration). 15:57
persia: (or, maybe more accurately, I have been so convinced) 15:57
*** sambishop has quit IRC 17:41
*** traveltissues has quit IRC 18:50
*** traveltissues has joined #trustable 21:19
*** traveltissues has quit IRC 21:24
