Announcement

Collapse
No announcement yet.

On Trusting Trust

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    On Trusting Trust

    A lot of open source advocates, my self included, used to thing that if the code was open source then "1,000 eyes" would find and squash all bugs and security holes. Then one day, about 15 years ago, I read a paper by Ken Thompson, delivered at his 1975 ACM Turing Award ceremony, titled "Reflections on Trusting Trust".
    https://www.cs.cmu.edu/~rdriley/487/...stingTrust.pdf

    The necessity for keeping in mind what Thomson wrote was brought back home after I read a comment by a Blockchain enthusiast who thought that the fact that the blockchain was open source would protect it from security compromises.

    CuNNTs, 13 hours ago

    The compiled machine code is open sourced and independently reviewed by thousands of expert programers. SHA 256 implementation is not complex. The most significant hazards are found elsewhere - the disruption of the infrastructure. This is where true de-fi is so important.... we are not there yet; the more we move in that direction, the more the establishment will move to destroy it.
    Ken wrote this:
    MORAL
    The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, aloader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well-installed microcode bug will be almost impossible to detect.
    Ken had created a C compiler that, after being compiled at the 2nd stage of infection, would show no trace of a "Trojan Horse" in the binary but using that C binary to compile perfectly clean source code an app containing the Trojan Horse would result.

    A commercial software company, for instance, could deliberate create such a compiler binary that they included with their programming tools. They could even supply the perfectly clean C compiler source code, and that source code could be compiled by the binary C compiler to create another C compiler that would match the original C compiler binary, BUT any code compiled by it, regardless of how clean the source is, will contain the Trojan Horse.

    Could that happen to the g++ C compiler? From the Wikipedia:
    When it was first released in 1987 by Richard Stallman, GCC 1.0 was named the GNU C Compiler since it only handled the C programming language.[1] It was extended to compile C++ in December of that year. Front ends were later developed for Objective-C, Objective-C++, Fortran, Ada, D and Go, among others.[7] The OpenMP and OpenACC specifications are also supported in the C and C++ compilers.
    I doubt that Stallman has written all those front ends to g++, that compile has been ported to many other OS's and platforms.

    Could a back door exist in every program compiled by the g++ ? Or in all the microcode residing on the CPU, GPU and the PROMs on the mobos? The GPL requires that if someone receives a copy of the g++ binary they can ask for the source code as well. If the compiler was a 2nd stage product it could compile its own, clean, source code and still produce and infected g++ binary.

    Do you trust Stallman and the folks who helped him create g++? Do you have a choice? Whether you think your system is clean or not depends on how cynical you are. I am very cynical.
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.

    #2
    Back doors? Of course. Trusting or not trustung Stallman, or any other single human, is irrational; and not that he or any other human is therefore untrustworthy. The point is do you want to trust nothing, with the alternative of fearing and avoiding everything, or do you trust the least risk solutions. The least risk computing solutions are the ones that actually do have a thousand eyes including developers, testers, and users. I would also agree that there is no such thing as a zero risk computing solution.
    The next brick house on the left
    Intel i7 11th Gen | 16GB | 1TB | KDE Plasma 5.27.11​| Kubuntu 24.04 | 6.8.0-31-generic



    Comment


      #3
      Originally posted by jglen490 View Post
      I would also agree that there is no such thing as a zero risk computing solution.
      Pretty sure the abacus is hack proof!
      Last edited by Snowhog; Dec 06, 2021, 08:12 PM.
      Windows no longer obstructs my view.
      Using Kubuntu Linux since March 23, 2007.
      "It is a capital mistake to theorize before one has data." - Sherlock Holmes

      Comment


        #4
        Originally posted by jglen490 View Post
        Back doors? Of course. Trusting or not trusting Stallman, or any other single human, is irrational; and not that he or any other human is therefore untrustworthy. The point is do you want to trust nothing, with the alternative of fearing and avoiding everything, or do you trust the least risk solutions. The least risk computing solutions are the ones that actually do have a thousand eyes including developers, testers, and users. I would also agree that there is no such thing as a zero risk computing solution.
        I would have to say that this is a truism. IMO.

        However, on the abacus. Unless it has been in your soul possession and site and you remember exactly each position, that too can be "hacked" to something different. I only state that from a scene in a recent movie where the abacus user was distracted just for a split moment and the bead moved and they didn't really notice. I know, I know, far fetched, but hey, anything humans touch requires a level of trust on the device and the humans around it.

        Comment


          #5
          Originally posted by Snowhog View Post

          Pretty sure the abacus is hack proof!
          My saw begs to differ.
          Last edited by Snowhog; Dec 06, 2021, 08:13 PM.

          Comment


            #6
            If a machine of me is connected to internet on any way, I always take for granted 'everybody' can read 'everything' I write etc. Just to be sure. But since I'm not doing illegal things, that's not a big paranoia for me.

            About the abacus: what if your abacus is made of wood and I put some woodworms in your house?

            Comment


              #7
              Originally posted by Goeroeboeroe View Post
              ....But since I'm not doing illegal things, that's not a big paranoia for me.
              ...
              It's not whether you are doing illegal things, it is rather IF the powers that be, i.e., the ones with the guns, think you are doing illegal things. A Regents University Law School professor points this out very clearly.



              "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
              – John F. Kennedy, February 26, 1962.

              Comment


                #8
                Yes, of course. I should have expressed myself more clear. Actually I'm very pessimistic about lots of this kind of things.
                I meant: since I personally don't do illegal things, and since I live in a country where I don't have to be afraid of the government with things like prison or torture, I personally don't have to be afraid for myself.

                Comment

                Working...
                X