Remix.run Logo
xg15 3 days ago

> By definition you can't protect yourself from the entity that provides you the software you use, because you have now way to guarantee that they aren't going to backdoor you.

That's not completely true. If I can control when (and if!) the software updates and if there is some kind of vetting process to verify that the version I'm currently running does not contain a backdoor, I can treat it like a third party with respect to the server.

I agree with you though that most current software that are made to auto-update at any time without any oversight do not fall under this umbrella. Web apps definitely don't fall under it.

SoftTalker 3 days ago | parent [-]

> if there is some kind of vetting process to verify that the version I'm currently running does not contain a backdoor

This would be extremely difficult, I would say impossible from a practical standpoint.

rstuart4133 3 days ago | parent | next [-]

> This would be extremely difficult, I would say impossible from a practical standpoint.

It's not only practical and possible, it's so common it even has a name in software engineering circles: change control. It boils down to this: you delay installing the software until it's been reviewed, tested and deployed by others. Or as Linus would put it, until the many eyeballs have had their say.

As for "the person in control of the platform": the solution is to remove some of that control. You make new versions of the software available for anonymous download, so the provider has no idea who is upgrading. All open source distributions provide their software in that way. No proprietary platforms I'm aware of do, because they want a "billing relationship" with the customer. Once downloads are anonymous, the owner of the software can't target individuals with a tailored Trojan Horse binary. Everyone gets the same binary, and so there are lots of eyeballs looking at it.

The final piece of the puzzle is reproducible builds, which ensures the many eyeballs can see the code use to build the binary.

All this has been around for a while now, so it's largely a solved problem in open source distributions. The problem with web-based cryptography is it isn't managed like an open source distribution. Downloads aren't anonymous, the source isn't available or signed, and it changes so fast change control isn't possible. So yeah, as things stand it's snake oil. But it doesn't have to be - it's just the way things are now.

1718627440 2 days ago | parent | prev [-]

Calculating a hash and comparing against reproducible builds doesn't seem to complicated.