FOSS won't help you very much unless you're willing to build your entire tool ch...

vkou · on April 24, 2021

That's like saying that seatbelts don't help very much, unless you're willing to wear a motorcycling helmet, and install a roll cage in your car.

In the worst-case scenario, no, your seatbelt won't help. I'm still going to wear one.

lisper · on April 24, 2021

The difference is that the interior of your car is not typically an adversarial environment.

brewdad · on April 25, 2021

The exact moment that you need a seatbelt is the same moment your car's interior becomes an adversarial environment.

dllthomas · on April 25, 2021

"Adversarial" in this sense is meaningfully different than "dangerous" - at no point is your car trying to outsmart you.

jfrunyon · on April 25, 2021

You're right, the car isn't trying to outsmart anyone - physics is trying to outsmart engineers.

dllthomas · on April 26, 2021

Nah, physics doesn't need to try :D

ce4 · on April 25, 2021

That really depends on your threat model. Every effort to reduce your attack surface increases the effort needed for your adveraries. Your "won't help very much" is only true for the trusting trust problems in the paper, i.e. if you need to survive state sponsored attacks

dllthomas · on April 25, 2021

Trusting Trust actually says that vetted source isn't enough! Fortunately it's been defeated (https://dwheeler.com/trusting-trust/), such that vetted source and multiple compiler executables that are unlikely to be compromised in the same way can be enough if you use them carefully (which, to my knowledge, we don't).