On Sat, Aug 1, 2009 at 9:35 PM, Brian <Brian.Mingus@colorado.edu> wrote:
Never trust the client. Ever, ever, ever. If you have a working model that relies on a trusted client you're fucked already.
Basically, if you want to distribute binaries to reduce hackability ... it won't work and you might as well be distributing source. Security by obscurity just isn't.
- d.
Ok, nice rant. But nobody cares if you scramble their scientific data before sending it back to the server. They will notice the statistical blip and ban you.
What about video files exploiting some new 0day exploit in a video input format? The Wikimedia transcoding servers *must* be totally separated from the other WM servers to prevent 0wnage or a site-wide hack.
About users who run encoding chunks - they have to get a full installation of decoders and stuff, which also has to be kept up to date (and if the clients run in different countries - there are patents and other legal stuff to take care of!); also, the clients must be protected from getting infected chunks so they do not get 0wned by content Wikimedia gave to them (imagine the press headlines)...
I'd actually be interested in how YouTube and the other video hosters protect themselves against hacker threats - did they code totally new de/en-coders?
Marco