
On Sat, 30/8/14, Rohan McLeod <rhn@jeack.com.au> wrote:

Subject: [luv-talk] Secure and Bug Free ?
To: luv-talk@luv.asn.au
Received: Saturday, 30 August, 2014, 9:26 AM

SNIP

"... control and from there to fly-by-wire and then fly-by-fiber networks; (removing hundreds of kilometers of fire prone complex, heavy wiring in the process); ..."

DP: I once heard somebody referring to the fact that while mechanical, electrical OR optical control wires/fibres are often severed by bullets or shrapnel, leading to a plane crash, because a <insert name of the military jet> had a boron fuselage the whole thing could transmit optical packet signals which would still get through as long as there was any continuous skin between the communicants.

SNIP

"... anyway the assumption is that the compiler may introduce bugs, security holes. "

DP: Many LUVees will have read or heard of Ken Thompson's infamous Turing Award Lecture. This link enables downloading a PDF: http://dl.acm.org/ft_gateway.cfm?id=1283940&type=pdf&ip=202.45.117.50 or, if you prefer, select it yourself, e.g. from http://amturing.acm.org/award_winners/thompson_4588371.cfm

Given Ken's explanation & the layers of software inside hardware, (was there EVER an X86 desktop microprocessor if that means where hardware executed X-86 instructions?), I suspect confidence that no one CAN spy on one's computer(s) is rarely justified!

" ... Apparently the resulting RT OS has very little functionality, which is remedied by supplying that functionality via Linux VMs ..."

DP: The RT OS runs on a VM which runs on Linux, or have I misunderstood? (I REALLY don't think embedded system gurus will regard that as hard real time any more, at least on a normal Linux kernel.)

"... Apparently the OS is available as open-source and binary for ARM and x86 CPUs, but not in the above secure form at: http://sel4.systems "

DP: To paraphrase (yes this time I will in a teasing fashion), Ken in the above lecture: simply examining the source code & compiling it yourself won't guarantee that the resulting software won't have intentionally programmed effects you don't want but someone else does. Not that I'm suggesting NICTA would destroy your purity of essence with nasty spyware additives; - no sir!

On a related note, Genode released a new framework last Thursday. "Genode is an offspring of the L4 community", whatever that means. Somebody decided to fork off & do their own project? http://genode.org/about/index