• xmunk@sh.itjust.works
      link
      fedilink
      arrow-up
      8
      ·
      6 months ago

      Everyone knows that if a member of the PRC’s secret police took a plane to LAX they’d be physically unable to write malware or backdoors. America has a circle of protection cast over it that prevents malicious actors.

      Obviously, yea, we should empower an agency to check all software for backdoors… and, ideally, they should be checking for shit from the NSA too.

      • Software is easy. It’s the hardware backdoors that are hard to find, and those have been being built for at least a decade. They were pretty simple to start; I can’t imagine what they’re capable of hiding in 5nm process chips.

        • xmunk@sh.itjust.works
          link
          fedilink
          arrow-up
          6
          ·
          6 months ago

          The hardware backdoors are pretty difficult to find… but I object to your statement that software is easy. The obfuscated C contest is a wonderful demonstration.

          • You know the best way to analyze a submission to the OCCC? Compile it, then run the result through a disassembler. You get back far more readable code than the source.

            But you’re right; reading code isn’t easy; I meant relatively. If you have government-level resources and can hire a bunch of experienced software developers to review source code, armed with a bunch if static analysis tools (<cough>NSA), you have a decent chance of finding malicious code in software. I know of no similar tools (and the automated software analysis tools are the important factor) for finding backdoors in hardware.

    • barsquid@lemmy.world
      link
      fedilink
      arrow-up
      7
      ·
      6 months ago

      Just for cars, though, right? If both cars and telecoms aren’t allowed to freely sell our data to police how will the government continue violating our 4th Amendment rights?