/prog/ - trusting trust considered harmful

Name: Anonymous 2013-06-24 22:14

http://cm.bell-labs.com/who/ken/trust.html
Ken Thompson, creator of UNIX
"You can't trust code that you did not totally create yourself."
C compiler could put an invisible backdoor in the Unix login command when it noticed that the login program was being compiled
C compiler could also add this feature undetectably to future compiler versions upon their compilation as well.
"I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect."
"No amount of source-level verification or scrutiny will protect you from using untrusted code."

Name: Anonymous 2013-06-24 22:45

>>1
If it ain't Dennis MacAlistair Ritchie, it's shit.

Name: Anonymous 2013-06-24 22:54

>>1
when it noticed that the login program was being compiled
this would require solving halting problem.

so we are perfectly safe.

Name: Anonymous 2013-06-24 23:00

>>2
but he's dead.

Name: Anonymous 2013-06-25 5:18

everybody who took a cs course should already hear about that 'trusting trust'

btw that guy promoted harsher punishments for hackers in the very same article

The act of breaking into a computer system has to have the same social stigma as breaking into a neighbor's house.

Name: Anonymous 2013-06-25 6:19

Sure, Thompson is good, but is he Abelson good?

Name: Anonymous 2013-06-25 10:09

Sure, programs can be Abelson evil, but are they TEL AVEVIL?

Name: Anonymous 2013-06-25 11:00

I want to create my own operating system compiled by my own compiler against my own libraries. Where do I start?

Name: Anonymous 2013-06-25 11:33

>>8
Start by learning Symta.

Name: Anonymous 2013-06-25 13:41

>>8
Just start with the easiest part: with stdbool.h. Once you've done that, you'll have finished the rest in no time at all.

Name: Anonymous 2013-06-26 0:19

>>8
Assembly

Name: Anonymous 2013-06-26 0:24

My C compiler caught a virus once...
I had to delete it =(

Name: Anonymous 2013-06-26 0:32

>>3
the login program
the

A source comparison would suffice. It is not necessary to identify every login program for the attack to be useful.

IHBT.

Name: Anonymous 2013-06-26 2:04

How about "Hardware Backdoors in ICs Considered Harmful"?

"- You cannot trust hardware where you did not build all the logic gates yourself!"

Name: Anonymous 2013-06-26 2:25

>>14
It's easy to reason the logic of IC. You put in some test input and the output should be as expected. If there is any discrepancy, that particular function is broken.

Name: Anonymous 2013-06-26 2:36

>>15
What if there is some secret quantum hardware to compensate for that? What if the NSA has released a spore of nanobots that pick up or alter circuitry at runtime when very specific conditions are met? What if the entire universe is a simulation and the simulator will always present the proper output and input only when it detects that it is being observed? What if God decides to spy on you and alters the physical properties of the universe itself only in your circuit when you aren't testing it?

You can never trust things based in nature.

Name: Anonymous 2013-06-26 2:42

>>16 thats why i dont

Name: Anonymous 2013-06-26 2:48

>>16
Because that's retarded.

Name: Anonymous 2013-06-26 3:13

>>16
"...what IS real...?"

On an unrelated note, NSA-related paranoia seems to be creeping up in literally every 4chan thread these days.

Name: Anonymous 2013-06-26 4:10

This is murther I say

Name: Anonymous 2013-06-26 13:09

>>19
Maybe it has something to do with some recent events, oh I don't know, maybe a large leak regarding NSA's warrantless mass surveillance.

Name: Anonymous 2013-06-26 13:12

http://www.theonion.com/articles/the-government-has-no-right-to-pry-into-what-goes,32815/
where is the satire

Name: Anonymous 2013-06-26 13:49

>>15
But when an IC has state it can pretend to be anything.

Also, assuming that two or more ICs are conspiring against you, they have at least two other modes of communication: whisper over the same wire signals at a lower voltage level that fits in the logic family's tolerances, or with intentional EMI, one chip can radio back and forth with another chip.

Name: Anonymous 2013-06-26 14:41

>>23
use opto-isolators

trusting trust considered harmful

1 Name: Anonymous 2013-06-24 22:14

2 Name: Anonymous 2013-06-24 22:45

3 Name: Anonymous 2013-06-24 22:54

4 Name: Anonymous 2013-06-24 23:00

5 Name: Anonymous 2013-06-25 5:18

6 Name: Anonymous 2013-06-25 6:19

7 Name: Anonymous 2013-06-25 10:09

8 Name: Anonymous 2013-06-25 11:00

9 Name: Anonymous 2013-06-25 11:33

10 Name: Anonymous 2013-06-25 13:41

11 Name: Anonymous 2013-06-26 0:19

12 Name: Anonymous 2013-06-26 0:24

13 Name: Anonymous 2013-06-26 0:32

14 Name: Anonymous 2013-06-26 2:04

15 Name: Anonymous 2013-06-26 2:25

16 Name: Anonymous 2013-06-26 2:36

17 Name: Anonymous 2013-06-26 2:42

18 Name: Anonymous 2013-06-26 2:48

19 Name: Anonymous 2013-06-26 3:13

20 Name: Anonymous 2013-06-26 4:10

21 Name: Anonymous 2013-06-26 13:09

22 Name: Anonymous 2013-06-26 13:12

23 Name: Anonymous 2013-06-26 13:49

24 Name: Anonymous 2013-06-26 14:41