[ale] OT: HTC Advice

Rev. Johnny Healey rev.null at gmail.com
Sun Apr 22 20:20:37 EDT 2012


On Sun, Apr 22, 2012 at 5:56 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
> Not to sound too fond of my tin foil beanie, but code on a web site is not
> by default the exact same code released and installed. It would be a
> terribly bad day for Google if that were the case.
>
> Is it possible to take the released source code and compile it and then do a
> bitwise comparison or SHA256 sum of the binary on my phone to the compiled
> version to look for a match?

That approach will work as long as you trust your compiler. Ken
Thompson's "Reflection on Trusting Trust" comes to mind.

http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf

Though, I'd imagine that if there is a backdoor into the java
compiler, oracle would probably know more about it than google.

-Rev. Johnny Healey


More information about the Ale mailing list