On Sat, Aug 1, 2009 at 1:32 PM, David Gerard dgerard@gmail.com wrote:
2009/8/1 Brian Brian.Mingus@colorado.edu:
On Sat, Aug 1, 2009 at 1:07 PM, David Gerard dgerard@gmail.com wrote:
2009/8/1 Brian Brian.Mingus@colorado.edu:
And of course, you can just ship them the binaries!
Trusted clients are impossible. Particularly for protecting against lulz-seekers.
Impossible? That's hyperbole.
No, it's mathematically accurate. There is NO SUCH THING as a trusted client. It's the same problem as DRM and security by obscurity.
http://en.wikipedia.org/wiki/Trusted_client
http://en.wikipedia.org/wiki/Security_by_obscurity
Never trust the client. Ever, ever, ever. If you have a working model that relies on a trusted client you're fucked already.
Basically, if you want to distribute binaries to reduce hackability ... it won't work and you might as well be distributing source. Security by obscurity just isn't.
- d.
Ok, nice rant. But nobody cares if you scramble their scientific data before sending it back to the server. They will notice the statistical blip and ban you.
I don't think in terms of impossible. It impedes progress.