Wednesday, August 25, 2021

on trusting trust and the shadows on the wall of the cave

Reading  the excellent Your Computer Is On Fire recently, and there's a great chapter revisiting Ken Thompson's rightly famous Turing Award Speech about trusting trust. The chapter also discusses the Wheeler solution to the problem --

in a nutshell,  when you use a tool chain for building a computing system, you depend on the tool builders. So an application must be compiled (or interpreted) and runs on an operating system, which runs on hardware which may be networked and so on - it is "turtles all the way down".  The Thompson "hack" takes advantage of two things - bootstrapping compilers and quotation, to build systems that build in trapdoors at build time, but in a way that is not visible to simple inspection of the compiler tools (without going back in time to before the hack and before the bootstrap - i.e. introduces a cost of effectively rebuilding your tools ab initio every time to avoid the trapdoor re-insertion two step dance. The Wheeler solution is to find some tools from elsewhere as well and compile your system with those too and compare the results. An alternative is to use trustworthy computing so that the privileges don't increase as you go down the stack, and you can check the integrity of the tools&die as well as apps - but now with attestation, or with multiple toolchains, we have a chain or even a web of trust rather than a stack of trust. We may need a web (or even a blockchain) because we want to mitigate collusion (between key signing agents or between different tool builders, or, obviously both) - 

Isn't life complicated...?

Tuesday, August 10, 2021

decentralisation & disintermediation

 thinking about the history of peer-to-peer (IP routers, eDonkey, the original skype, and now new things like matrix,  mastodon etc) - there are several properties oft conflated together 

1. distributed - in your pocket, kitchen, on your bike, etc

2. decentralised - there's no agency, service with a single point of contact, failure, power, etc

3. heterogeneous - and partially federated - implemented by different people, but interoperating 

what this also means is that there's no big intermediary - no single platform owner, who has a god's eye view of the proceedings - marketing things or surveilling things. - there could still be such services, but they would need cooperation from all the targets they'd want to hit or spy on.

what is wrong with Uber, Airbnb and (probably) Bitcoin is that while they have some of these properties, they are dependent on single large infrastructures (roads/gas, houses/keys and the electricity grid) - you can build a fully peer-to-peer map of the world and let everyone share their EVs, and you could move all property into collective ownership (gasp), and you can build a decentralised trust system that doesn't depend on proof-of-work, but without that, these systems are fundamentally intermediated by those key infrastructure owners, who could change the operating rules to make what is done infeasible, or just pwn it. i..e their governance is extremely sketchy.

Blog Archive

About Me

My photo
misery me, there is a floccipaucinihilipilification (*) of chronsynclastic infundibuli in these parts and I must therefore refer you to frank zappa instead, and go home