|
It is very interesting how everyone rants about trust, but they are perfectly happy running their 'open-source' code on closed-source CPUs (Intel, AMD x86-64, Apple M1, etc) with closed-source firmware, and raves over how they 'don't know what a flag does', and how they want or even have 'full control' of their computers and the code that runs on them, which is not remotely true. At the risk of running into a slippery slope, unless one single-handedly: - audits the entire codebase for some open-source OS; - audits the entire specification for an open-source ISA, and an open-source implementation of said ISA, such as RISC-V BOOM; - locally compiles the audited codebase on the audited CPU, targetting the audited ISA; one cannot claim to say 'I want to know what that flag does'. For all we know, Intel might have NSA backdoors and might 'phone home' to some server. I understand the idealism behind 'trust is earned', but at some point, trust has to be given, because unless we are willing to make some serious compromises, we will never be in full control of the complete hardware-software stack. |
Though I agree overall, I’ve read the code (and compiled) the operating system I use day to day, but that seems to be uncommon apparently, and I’m not above just trusting some package maintainer.
That said: trust is still earned, and easily lost.
There’s a lot to indicate lost trust in Microsoft (despite the fact that I did say in my parent comment that it’s separate from the point).