Comment by sshh12

1 year ago

It's a good question that I don't have a good answer to.

Some folks have compared this to On Trusting Trust: https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_Ref... -- at some point you just need to trust the data+provider

In general, it is impossible to tell what a computer program may do even if you can inspect the source code. That’s a generalization of the halting problem.

  • That’s not correct. There is not a general solution to tell what any arbitrary program can do, but most code is boring stuff that is easy to reason about.

    • But a malicious actor can hide stuff that would be missed on a general casual inspection.

      Most of the methods in https://www.ioccc.org/ would be missed via a casual code inspection, esp. if there weren't any initial suspicion that something is wrong about it.

      4 replies →