Comment by sshh12
1 year ago
It's a good question that I don't have a good answer to.
Some folks have compared this to On Trusting Trust: https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_Ref... -- at some point you just need to trust the data+provider
In general, it is impossible to tell what a computer program may do even if you can inspect the source code. That’s a generalization of the halting problem.
That’s not correct. There is not a general solution to tell what any arbitrary program can do, but most code is boring stuff that is easy to reason about.
But a malicious actor can hide stuff that would be missed on a general casual inspection.
Most of the methods in https://www.ioccc.org/ would be missed via a casual code inspection, esp. if there weren't any initial suspicion that something is wrong about it.
4 replies →