Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

As infogulch noted, the reason I counter mentions of Paul Karger's attack (MULTICS early 70's) that Thompson wrote about is that is has to be a social fad/meme to mention it when it's happened only twice on record. Millions of attacks, countless vulnerabilities by compiler errors, many repos compromised, and 2 instances of a compiler-induced subversion. Yet, you brought up Trusting Trust instead of the other stuff we really need to worry about. That's typical do I always point it out.

Plus, Karger pointed out solution shortly after the problem: verified compiler, safe languages, repo security (esp paper in safes), crypto/courier distribution, and designed to build locally from source using onsite tools rerunning all tests, proofs, etc. Mitigates the need for worrying about Trusting Trust most of the time plus knocks out majority of attacks. Better to mention that if worried about subversion. Or Myer's landmark work that defined in detail problems and solutions.

Trusting Trust meme just misdirects focus from important issues.



I wasn't the one who brought up Trusting Trust.

But the person who did said

> you don't have to write a whole new compiler from scratch, unless you're worried about "trusting trust" attacks.

The point of that comment (at least, as I read it) isn't that you have to be worried about "trusting trust", but rather that there's no point in writing a new compiler from scratch unless you already are worried about "trusting trust" (with the implication being that most people aren't and so writing a new compiler from scratch isn't necessary).

SCM security issues (as you mentioned) are irrelevant at this point, because they really have no bearing on whether you have to write a new compiler from scratch.


Didn't look at the name. Too much of a hurry. My bad.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: