
/λ/ - programming


File: 1499680705976.jpg (34.05 KB, 1039x771, KcS6k.jpg)

 No.403

Is there any validity to this claim? I have been thinking about it all week and I can't actually see the flaw in it. Maybe computers are just different than real life?

 No.404

>>403
it's an oversimplification to make a meme

 No.405

File: 1499684767219.jpg (74.38 KB, 376x480, hogwash.jpg)

dude, like how high are you right now?

 No.409

I don't get your question, at all.
Does it imply a different meaning for "Open source"?
Take the linux source, look at it. It's not a binary, it's not compiled from another language to C either.
Likewise for the gcc source
What, at all, does bootstrapping have to do?

 No.411

How would you compile either without having the source code?

 No.412

>>411
pen, paper and a manual harddrive

 No.413

>>409
isn't it obvious? You need a compiled binary to be able to compile an "open source" product.

 No.414

>>413
The fact that you have a compiled binary does not make it open source. Software is open source so long as its source is available.

Also, technically, you don't actually need a compiler to compile. You can do it by hand. The compiler just makes it much faster and easier.

 No.415

>>414
By your logic, windows is open source since it's just a bit of data that i have when i use the source available qemu virtual machine.

 No.416

>>413
I know you're trolling, but help me to understand what your reasoning is, because it's so weird.
Should we then all write directly in machine language, since that's the only way that we can have an open source project, by your parameters?

 No.417

>>413
>>416
Oh I think I get it, you're saying that the source code goes away once you compile the project?
Well you can always compile with debugging symbols (cc -g …) and keep the source directory right next to vmlinuz. Then the source maps directly to portions of the binary kernel.
But not quite because optimizations wipe some of that stuff.
But then again, the processor doesn't run ascii files directly. And if it did, it would be ENIAC-slow.
I guess you could use a forth system as your OS/kernel, then things would map more or less better to what is running.
But what's the point anyway? Linux and gcc are open source, you can read the damn source. The only complaint is that at the source of everything, a Thompson hack could be lying in the very first closed source compiler that was used to compile the very first working gcc binary.
You can get around this by writing an interpreter in assembly language (again, Forth would be your best option) and then write your compiler in that interpreter, and compile gcc using that compiler. Go ahead. Save the world from a hypothetical Thompson Hack.
If you think the virus is in gcc, you can read the source and… ooh I get it, gcc is not really open source because it's unreadable GNU-style C. Agreed.

 No.418

>>417
Unless the compiler hack was so sophisticated that it surreptitiously added an instance of itself to the source from the kernel binary, protected by a comment that says /* Magic, DO NOT TOUCH */ in which case we are all doomed from the very beginning. Thankfully we have the BSDs and clang, unless that one is infected too!
On the other hand, just by using Intel processors you can only assume you're compromised. And I doubt the integrity of every other processor vendor as well, unless they provide full schematics.
Welp, back to doing everything with pencil & paper and cheap chinese 4-operation calculators.
You opened my eyes.

 No.419

>>418
Of course, one need not confuse the map with the territory, are the schematics really the template for the processor? Perhaps a backdoor was introduced during manufacture, so we can never know either. Perhaps the manufacturer machines are controlled by a linux machine compiled with gcc! Everything is out of control now! Are the illuminati behind all these? Is there anything we can do at this point?
Time to trash all forms of digital technology and go back to being hunter gatherers, because look where technology has led us. This is why we can't have nice things.
Also sorry for the multipost I got really excited here.

 No.423

What the image suggests to me is the possibility of having a secret backdoor in the GCC binary which inserts itself into the binary when you compile the GCC source code. Basically
http://wiki.c2.com/?TheKenThompsonHack

 No.425

bro…

 No.426

>>419
See? This is what happens when we discuss Thompson Hacks. Every single time.

 No.429

>>419

I unironically feel this way, not in terms of the gcc thing from OP, but in terms of the hardware. We really need open source hardware with monitored and carefully designed manufacturing practices to prevent messing with things.


We need a device or instrument or checksum of some sort which can actually look at the chip and verify that it is what is on the schematic with some sort of statistics and checksum.

We really need a non-backdoored processor, and just throwing that off as "oh stop being so ridiculous anon!" is not a good step in the right direction.

Something like the open source ICE FPGA as the main processor in a laptop where you can pick and choose your computation paths yourself would be really nice.

 No.449

File: 1501201175257.jpg (58.84 KB, 680x588, smugmaid.jpg)

Decompilers exist. Doesn't that make everything open source?

 No.455

>>429
>just throwing that off as "oh stop being so ridiculous anon!" is not a good step
Yes, it's so annoying that you can never hope to have the possibility of a remotely secure system (not that Unix helps in any way, right?) given that even if you take painstaking efforts to harden your system, it already has a built-in backdoor at the hardware level.
I'm not even paranoid that a 3-letter agency will have a reason to try and break into my system, but it's just insulting that we are sold this huge attack on our privacy and we don't have a say in the matter.

 No.457

>>403
Are you retarded? Google 'bootstrapping'. It has nothing to do with licensing. If you disassemble the output and find something malicious, you can just tell people about it, then change it and redistribute it.

 No.458

>>415
Open Source is not 'source available'. Open Source is a group of permissive licenses and the ideas behind them. However, the source code at Microsoft is not the machine code, since no human writes machine code. They could lie and say they did, but that'd just make it source available if it were true. They'd still have a restrictive license.

 No.459

The quality of being open or closed source technically doesn't exist in software; it is not a property or aspect of the software. It's in the same bucket as things like copyright and ownership - it's just metadata, baggage about but not part of the actual code. Open and closed source does not exist from a technical point of view, it's more of an economical and social question, regarding the infrastructure of people developing it.
Copyrighted music is harder to spread, closed sourced code is harder to get. This does not affect the nature or quality of the code. What may have some vague effect on it is that the people writing it have different ideologies that are reflected by their work.

Linux as an operating system is neither open nor closed source, nor anything else. Linux as a human endeavour is open source.

 No.461

>>459
Software is not just the executable, it's the full product, assets, documentation and sometimes source code included.

 No.467

Learn assembly and use open source hardware, fgt.

 No.469

So the OP discovered trusting trust. Congratulations.

However, Linux is still demonstrably open source. It follows from the definition. So what is there left to be discussed?

https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf

 No.480

>>458
> Open Source is not 'source available'
What's really funny to me is how a critique often given of the term 'free software' by people who prefer 'open source' is that it is confusing because it seems to imply that the software is gratis, even though I think it might be as pervasive a misconception (maybe even more so than the one concerning 'free software') that 'open source' is just about whether you are allowed to read source code.

 No.717

Start out with a barebones compiler, maybe even one you've written yourself via DOS assembly or something. Write your own OS for a 486 if you want.

Use a floppy drive to ferry stuff back and forth between your "modern" unverifiable machine to the "verified" machine which is barebones enough you can "trust" it to produce non-backdoored stuff.

You might have to do a few iterations, but once you've "bootstrapped" e.g., a very old version of a "mainstream" compiler (whose source you looked over before feeding it into your trusted compiler on your trusted machine), you can use it to bootstrap the rest of a verifiable whatever
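
The self-reinserting backdoor from No.423 and the trusted-compiler bootstrap from No.717, as a toy model (an added example, not written by anyone in this thread). It shows why rebuilding a compiler with itself proves nothing, while rebuilding through an independent trusted compiler and comparing the result (the check known as diverse double-compiling) exposes the difference. `Binary`, `run_compiler` and the source strings are hypothetical stand-ins, not real toolchain objects.

```python
import hashlib
from dataclasses import dataclass

# Constructed stand-ins for real source trees (assumptions for this example).
COMPILER_SRC = "source of the compiler under test (audited, clean)"
TRUSTED_SRC = "source of a small independent compiler you trust"

@dataclass(frozen=True)
class Binary:
    source: str    # source text the binary was built from
    codegen: str   # source of the compiler whose code generator emitted it
    trojan: bool   # hidden payload that appears in no source file

    def digest(self) -> str:
        raw = f"{self.source}|{self.codegen}|{self.trojan}".encode()
        return hashlib.sha256(raw).hexdigest()

def run_compiler(compiler: Binary, source: str) -> Binary:
    """Run `compiler` on `source`. The emitted code's shape depends on the
    compiler's own source; a trojaned compiler re-inserts its payload only
    when it recognises the compiler source (the self-propagation step)."""
    reinfect = compiler.trojan and source == COMPILER_SRC
    return Binary(source=source, codegen=compiler.source, trojan=reinfect)

def self_rebuild_matches(suspect: Binary) -> bool:
    """Naive check: rebuild the compiler with itself and compare digests."""
    return run_compiler(suspect, COMPILER_SRC).digest() == suspect.digest()

def ddc_matches(suspect: Binary, trusted: Binary) -> bool:
    """Diverse double-compiling: trusted -> stage1 -> stage2, then compare
    stage2 with the suspect binary bit for bit (here: by digest)."""
    stage1 = run_compiler(trusted, COMPILER_SRC)  # different bytes, same behaviour
    stage2 = run_compiler(stage1, COMPILER_SRC)   # what an honest self-build yields
    return stage2.digest() == suspect.digest()

TRUSTED = Binary(TRUSTED_SRC, codegen="hand-assembled", trojan=False)
CLEAN = Binary(COMPILER_SRC, codegen=COMPILER_SRC, trojan=False)
TROJANED = Binary(COMPILER_SRC, codegen=COMPILER_SRC, trojan=True)

if __name__ == "__main__":
    for name, binary in (("clean", CLEAN), ("trojaned", TROJANED)):
        print(name, "self-rebuild:", self_rebuild_matches(binary),
              "DDC:", ddc_matches(binary, TRUSTED))
```

On real toolchains the comparison only works if the compiler's build is deterministic, and it moves the trust to the second compiler and the machine it runs on rather than removing it.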

 No.718

>>449
Only stuff that's not obfuscated (or at least, not obfuscated enough so that it can still be decompiled)

and then the aspect of whether you can republish your changes without getting sent to r8p land by the FBI, I would say is significant

 No.719

Vanilla/Classic Linux-kernel as a matter of fact isn't, due to the corporate pressure and strategic collaboration conducted by the Open Source movement, which Linus identifies himself with. Linux-libre, on the other hand, is free software, which means it contains no proprietary firmware.

 No.720

Does a "doomsday bootstrap" procedure exist? For example, if all of the compiled binaries in the world suddenly disappeared, and all that was left was all of the source code, what steps could a person do to write a kernel in machine code, write an assembler in machine code, write a C compiler in asm, and finally compile the rest?
In a more practical sense, are there any guides (which are verifiably safe) that avoid the Ken Thompson Hack by bootstrapping from the hardware level? (Yes, the hardware could be compromised too, but such a procedure would remove all software layers of trust.)

 No.722

>>720
If all the compiled binaries in the world suddenly disappeared (to include every copy of HexEdit and every running OS), what are you going to write stuff in even machine code with?

The only thing I can think of is magnifying glass and re-magnetizing a floppy disk byte-by-byte with a very old Linux version floppy disk, which you had stored perhaps an amplified copy of via holes in metal plates (think Fine Structure apocalypse backups), if you didn't want to go Old Skool and trial-and-error remagnetizing the floppy every time you grokked in another byte from your paper manual on 486 assembly

And that's even putting aside the need for a BIOS and 70MB of firmware required to boot most computers today

 No.723

>>722
>magnifying glass
I don't know why I typed that

I meant
>microscope and some kind of soldering-iron-but-magnetic thing

 No.725

>>722
Dang, you're right. It would have to start with the soldering iron and TTL. Recreating 80 years of computer technology won't be easy…

 No.727

File: 1506277708714.png (60.96 KB, 225x239, 225px-Stallman3.png)

>>459
>Linux as an operating system

 No.912

I think I'm starting to understand OP, and why Unix and monolithic kernels turn out to be a mistake…
I don't know how hard this is, I only know it is possible, but I've been entertaining the idea that somewhere along the bootstrapping process someone might have injected a Thompson Hack on the kernel, and that ever since it has spread so that now there could be even thousands of computers running a compromised binary. Whether this already happened or not doesn't nullify the fact that it is possible, and that with a kernel with millions of LOC and such a gigantic ass (and obfuscated) compiler, such a virus would be really hard to detect.
No matter how LEEBRAY gcc and linux are, both are pretty much fucked already. rms accomplished nothing, if anything, he helped fuck us over with his obfuscated-source Unix userspace.

 No.913

Linux can be open source (in regards to OP's picture) if someone makes his own hardware and writes machine code by reading the source code for both gcc and linux.

I never quite understood the point of open source, because it's really just "I could look at it if I had time" source. I don't trust the judgments or eyes of anyone other than me, I don't have the time to read through all of it unless I'm trying to find every bug in an already outdated snapshot of a source repo.

 No.914

>>913
>I don't trust the judgments or eyes of anyone other than me
i don't trust the judgements of any other single person,
but all the judgements of /everyone/ else sound pretty reliable.

 No.915

>>914
Like the one which claims that Naruto or One Piece are vastly superior to Serial Experiments Lain.

 No.916

>>913
This guy's got it right, imo. As illustrated by the Thompson Hack itself, tracing malevolent behaviour in an unwieldily complex system makes its "openness" a moot point, for the malicious piece of code could be hidden anywhere among all that spaghetti.
Is linux really "open"? is gcc really "Free"? I recall rms obfuscating it so it would be fucking hard to use it… well… freely.

 No.917

>>915
i mean i agree with everyone if they all agree with each other.

if there is a single person who can point out backdoors in Linux, i wouldn't trust it.

 No.919

OP is probably talking about the trusting trust attack.


