*** toscalix has joined #trustable | 06:19 | |
*** toscalix has quit IRC | 08:24 | |
*** toscalix has joined #trustable | 08:24 | |
* persia is intrigued by "The legal problem is that increasingly chip designers and chip manufacturers cannot legally know what is supposed to be on the chip. For example, developers of the various “IP cores” used on chips typically forbid chip designers and manufacturers from obtaining or using this information." from https://dwheeler.com/trusting-trust/ | 09:13 | |
*** toscalix has joined #trustable | 09:55 | |
paulsherwood | actually that's fundamentally broken, isn't it! | 10:12 |
*** toscalix has quit IRC | 11:04 | |
persia | It is sadly common. In many fields, component providers supply components under contract that the receiving organisation commits not to understand the component (often with a no reverse engineering clause or similar). As a result, the receiving organisations fundamentally cannot understand the entirety of what they compose: if there are constraints, it is the duty of the consuming organisation to ensure that the system is internally protected | 11:26 |
persia | against compromise from potentially hostile components. | 11:26 |
persia | The prior reference was to silicon vendors, but the same model applies to aerospace, where the vessel manufacturer might contract out one or more avionics components, etc. | 11:28 |
*** traveltissues has joined #trustable | 12:41 | |
*** sambishop has joined #trustable | 14:17 | |
persia | Thinking about testing, I suddenly wonder if there is a meaningful difference between the set of tests one can run against source (possibly including local compilation and execution of some/all of it), and the set of tests that can only be run against instances of software deployed against some substrate. | 14:43 |
persia | I'm really tempted by the idea that there is no real difference for the case where execution happens (in such case, the local machine is substrate). | 14:43 |
persia | I'm less sure for things like static analysis. | 14:43 |
persia | Does anyone else have an opinion about this sort of thing? | 14:43 |
persia | I have become convinced that every sort of test (including static analysis or the act of compilation) involves software that is instantiated under some set of conditions, such that there is no fundamental difference of type between testing techniques (although one likely needs to perform several of them in order to meet a sensible set of constraints). | 15:54 |
persia | Thusly, those seeking to demonstrate that an arbitrary set of constraints are met are expected to select deployments of software that perform those tests in such a way that the set of systems under test is reasonably representative of the set of systems expected to conform to the constraints (and further that the total set of tests is sufficiently representative of the universe of constraints to provide appropriate demonstration). | 15:57 |
persia | (or, maybe more accurately, I have been so convinced) | 15:57 |
*** sambishop has quit IRC | 17:41 | |
*** traveltissues has quit IRC | 18:50 | |
*** traveltissues has joined #trustable | 21:19 | |
*** traveltissues has quit IRC | 21:24 |