Who Must You Trust?

A friend recommended this recent article by Thomas Wadlow, "Who Must You Trust?". It's outstanding!

https://queue.acm.org/detail.cfm?id=2630691

 

It's a good read.

Exactly. We're always dependent on others to some extent (and going on that analogy, not even Les Stroud will go into the Canadian woods without an axe- not even when he shot Snowshoes and Solitude). If you look around your home you'll find that almost every single item had a team of people that went into its design (not even getting into all the materials needed to make the thing and where they came from). Operating systems and software is exactly the same way.

Though sometimes it gets tempting to go off in the woods and not have to deal with it or play that game.

 

One of my all time favorites is: Partition of Trust

The article uses different wording as pasted in below. I "trust" every hop in my circuit but should a bad apple or even two get in my mix, there would still be enough security to leave me intact. So I trust but I plan for a breach of trust. Should a singular breach happen, I will still be standing at the end of the day!



Layer your Security

When it comes to trust, you should not depend on any one entity for security. This is known as "defense in depth." If you can have multiple layers of encryption, for example, each implemented differently (one depending on OpenSSL, for example, and the other using a different package), then a single vulnerability will not leave you completely exposed.

 

TRUE for "trust" = "make yourself vulnerable to consequences created by other things/people"

FALSE for "trust" = "adequately research/test/evidence-gather to establish correct, desired, behavior prior to and while making yourself vulnerable to the consequences created by other things/people"

 

Haven't read the link but just going by the title "who you MUST trust" tells me I think this words misused. Trust can't be simply commanded or decided on in the name of convenience or because there's no other option. Trust has to be earned.

To trust someone is to absolutely believe 100% they'll do what they say. Anything less is simply hope. Of course there's not one single person we can trust in everything and nor do we need to.

 

There much more to it than that. I recommend reading the linked article

 

OK read it. Yes, great article mirimir. As for the usage and the meanings of words, its still "trust according to technology," rather than "technology according trust". Im sure it was you or someone who said somewhere "trust no one". I agree, because in this setting and all that technology involves isn't conducive to a fail safe scenario.

 

Fair enough

As I read it, it's about how best to proceed when you know that you can't entirely trust anyone, or anything.