[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] OT: HTC Advice

Subject: [ale] OT: HTC Advice
From: rev.null at gmail.com (Rev. Johnny Healey)
Date: Sun, 22 Apr 2012 20:20:37 -0400
In-reply-to: <CAEo=5Pws_Vn1-b+ViF0BsgT9iWsrJLGRHHHE=QqZiwOdbk7cig@mail.gmail.com>
References: <[email protected]> <[email protected]> <CADT30qXDF42Cx=Xfenygg1PZpm6KJBQjEo+Fymgv29d8wscy4Q@mail.gmail.com> <CAEo=5Pws_Vn1-b+ViF0BsgT9iWsrJLGRHHHE=QqZiwOdbk7cig@mail.gmail.com>

On Sun, Apr 22, 2012 at 5:56 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
> Not to sound too fond of my tin foil beanie, but code on a web site is not
> by default the exact same code released and installed. It would be a
> terribly bad day for Google if that were the case.
>
> Is it possible to take the released source code and compile it and then do a
> bitwise comparison or SHA256 sum of the binary on my phone to the compiled
> version to look for a match?

That approach will work as long as you trust your compiler. Ken
Thompson's "Reflection on Trusting Trust" comes to mind.

http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf

Though, I'd imagine that if there is a backdoor into the java
compiler, oracle would probably know more about it than google.

-Rev. Johnny Healey

Follow-Ups:
- [ale] OT: HTC Advice
  - From: jim.kinney at gmail.com (Jim Kinney)

References:
- [ale] OT: HTC Advice
  - From: skotchman at gmail.com ([email protected])
- [ale] OT: HTC Advice
  - From: ghostfreeman at gmail.com (Cameron Kilgore)
- [ale] OT: HTC Advice
  - From: hooterpincher at gmail.com (Charles Shapiro)
- [ale] OT: HTC Advice
  - From: jim.kinney at gmail.com (Jim Kinney)

Prev by Date: [ale] OT: HTC Advice
Next by Date: [ale] OT: HTC Advice
Previous by thread: [ale] OT: HTC Advice
Next by thread: [ale] OT: HTC Advice
Index(es):
- Date
- Thread