New ask Hacker News story: Ask HN: How much can we trust open-source projects or our hardware?

Ask HN: How much can we trust open-source projects or our hardware?
3 by solosquad | 5 comments on Hacker News.
For large open-source security-focused projects like Kali Linux, we’re told there are no backdoors but with millions of lines of code, how can we actually verify that? Full manual auditing isn’t feasible for most individuals. Some thoughts/questions: Are reproducible builds and supply-chain audits enough to trust the binaries? What strategies exist for spotting subtle backdoors in such large codebases? For hardware, how do you approach the risk of compromised firmware, microcode, or hidden subsystems (e.g. Intel ME, AMD PSP)? Do projects like Coreboot, Heads, or formally verified kernels meaningfully reduce this risk in practice? Beyond reading every line yourself, what’s the best way to build confidence? How much trust (percentage-wise) do you personally put in OSS security projects or commodity hardware, and what technical mitigations do you use to minimize blind trust?

Comments

Post a Comment

Popular posts from this blog

How can Utilize Call Center Outsourcing for Increase your Business Income well?

Image
Call center outsourcing is not uncommon however, not every company can live up to the expectations of a great client. The service provider should have the ability to assist you obtain access to new abilities and competences in order to help you achieve efficiency and effectiveness in your company. Digital office providers assist business in providing unique, innovative solutions that are intended to custom-fit your personal small business needs. Some back office service providers also have fully-developed outbound calling and telemarketing services that you can utilize. The world has taken a huge leap with the technological revolution. What was impossible before now seems to be a matter of seconds. As we see more and more start-ups and digital companies emerging, we need to understand how we can account the rising number of BPO companies that can be helpful to us. Running a call center internally may be an expensive affair particularly when it...
Read more

New ask Hacker News story: EVM-UI – visual tool to interact with EVM-based smart contracts

EVM-UI – visual tool to interact with EVM-based smart contracts 21 by magnusgraviti | 8 comments on Hacker News. Hey HN! We've built https://evm-ui.com, a free tool that allows you to interact with smart contracts visually. It started as an internal project while building Web3 apps for clients — we needed something more flexible and lightweight than Remix or Etherscan's UI. Unlike Etherscan or Polygonscan, you don't need to verify and open-source your smart contract to get a working UI. Paste the ABI (or load it from a template) and proceed. With EVM-UI, you can - Import contracts by address + ABI, or paste ABIs directly - Read/write functions with auto-generated UI (supports all Solidity types, including arrays) - Execute actions with smart inputs (dropdowns, min/max helpers, etc.) - Switch between EVM chains, testnets, or local RPCs within one workspace - Use developer tools (Keccak256, ABI encoder/decoder, address utils) - Share environments with your team and your cl...
Read more

New ask Hacker News story: Ask HN: Should I quit my startup journey for now?

Ask HN: Should I quit my startup journey for now? 2 by lkuebler | 4 comments on Hacker News. One year ago I started as an intern at a start-up. Things evolved and we are now a team of two-founders and one developer (me). We are running out of money and so my bosses chose to not pay themselves and myself a salary. What can I do to get reimbursed for my work at the startup? Currently there's not much work for me but if the other two guys manage to close the ongoing funding round in approx. 3 months they want to hire me full-time. Can I demand equity from them in advance to assure my piece of the cake once the money has arrived? The answer they gave me to this was they would give me the shares once the round is closed. But this is only good for them, not for me. Right? I am very new to start-up things and really don't know how to act. Feel free to share your experiences with getting shares as one of the first employees in a start-up.
Read more